Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: saiku biserver plugin

Display: all scanned dependencies are listed below (the report's default view shows only dependencies with known vulnerabilities).

Dependency CPE GAV Highest Severity CVE Count CPE Confidence Evidence Count
(Columns are space-separated and blank cells are omitted: a dependency with no CPE match shows only its GAV, the CVE count 0 and the evidence count; a dependency with neither a CPE nor a GAV shows only the file name and the two counts; Highest Severity is blank whenever the CVE count is 0; a dependency matched to several CPEs lists them all before the GAV.)
saiku-olap-util-3.17.jar org.saikuanalytics:saiku-olap-util:3.17   0 11
saiku-service-3.17.jar org.saikuanalytics:saiku-service:3.17   0 11
saiku-web-3.17.jar org.saikuanalytics:saiku-web:3.17   0 12
antlr-2.7.7.jar antlr:antlr:2.7.7   0 9
aopalliance-1.0.jar aopalliance:aopalliance:1.0   0 10
asm-attrs-2.2.3.jar asm:asm-attrs:2.2.3   0 10
asm-3.1.jar asm:asm:3.1   0 10
avalon-framework-api-4.2.0.jar avalon-framework:avalon-framework-api:4.2.0   0 11
avalon-framework-impl-4.2.0.jar avalon-framework:avalon-framework-impl:4.2.0   0 11
licenseserver-core-1.0-SNAPSHOT.jar bi.meteorite:licenseserver-core:1.0-SNAPSHOT   0 10
not-yet-commons-ssl-0.3.9.jar cpe:/a:not_yet_commons_ssl_project:not_yet_commons_ssl:0.3.9 ca.juliusdavies:not-yet-commons-ssl:0.3.9 Medium 1 LOW 12
cglib-nodep-2.2.jar cglib:cglib-nodep:2.2   0 11
cglib-2.2.jar cglib:cglib:2.2   0 10
jcommander-1.30.jar com.beust:jcommander:1.30   0 12
clover-3.3.0.jar   0 9
clover-3.3.0.jar: grover.jar   0 9
phantomjsdriver-1.2.1.jar com.codeborne:phantomjsdriver:1.2.1   0 11
classmate-1.0.0.jar com.fasterxml:classmate:1.0.0   0 15
jackson-core-2.5.1.jar cpe:/a:fasterxml:jackson:2.5.1 com.fasterxml.jackson.core:jackson-core:2.5.1   0 LOW 23
jackson-databind-2.5.1.jar cpe:/a:fasterxml:jackson-databind:2.5.1 cpe:/a:fasterxml:jackson:2.5.1 com.fasterxml.jackson.core:jackson-databind:2.5.1 High 12 HIGHEST 23
curvesapi-1.04.jar com.github.virtuald:curvesapi:1.04   0 11
gson-2.3.1.jar com.google.code.gson:gson:2.3.1   0 16
guava-17.0.jar cpe:/a:google:guava:17.0 com.google.guava:guava:17.0 Medium 1 HIGHEST 13
gwt-servlet-2.5.1.jar com.google.gwt:gwt-servlet:2.5.1   0 11
guice-3.0.jar com.google.inject:guice:3.0   0 15
protobuf-java-2.4.1.jar cpe:/a:google:protobuf:2.4.1 com.google.protobuf:protobuf-java:2.4.1 Medium 1 HIGHEST 13
json-simple-1.1.1.jar com.googlecode.json-simple:json-simple:1.1.1   0 12
lambdaj-2.3.3.jar com.googlecode.lambdaj:lambdaj:2.3.3   0 12
h2-1.4.188.jar cpe:/a:h2database:h2:1.4.188 com.h2database:h2:1.4.188   0 LOW 14
hazelcast-wm-3.6.2.jar com.hazelcast:hazelcast-wm:3.6.2   0 19
hazelcast-3.6.2.jar   0 17
awaitility-1.6.3.jar com.jayway.awaitility:awaitility:1.6.3   0 14
jsch-0.1.54.jar cpe:/a:jcraft:jsch:0.1.54 com.jcraft:jsch:0.1.54   0 LOW 13
filters-2.0.235.jar cpe:/a:image_processing_software:image_processing_software:2.0.235 cpe:/a:processing:processing:2.0.235 com.jhlabs:filters:2.0.235 Medium 2 LOW 13
marklogic-xcc-9.0.3.jar cpe:/a:marklogic:marklogic:9.0.3 com.marklogic:marklogic-xcc:9.0.3   0 LOW 13
operadriver-1.5.jar cpe:/a:opera:opera:1.5 cpe:/a:opera_software:opera:1.5 com.opera:operadriver:1.5 High 16 LOW 13
operalaunchers-1.1.jar cpe:/a:opera:opera:1.1 cpe:/a:opera_software:opera:1.1 com.opera:operalaunchers:1.1 High 16 LOW 13
operalaunchers-1.1.jar: launcher-win32-i86pc.exe   0 2
orient-commons-1.3.0.jar cpe:/a:orientdb:orientdb:1.3.0 com.orientechnologies:orient-commons:1.3.0 High 2 LOW 23
orientdb-core-1.3.0.jar cpe:/a:orientdb:orientdb:1.3.0 com.orientechnologies:orientdb-core:1.3.0 High 2 LOW 22
miredot-annotations-1.3.1.jar com.qmino:miredot-annotations:1.3.1   0 10
jersey-apache-client-1.19.1.jar cpe:/a:oracle:oracle_client:1.19.1 com.sun.jersey.contribs:jersey-apache-client:1.19.1 High 1 LOW 17
jersey-multipart-1.19.jar com.sun.jersey.contribs:jersey-multipart:1.19   0 17
jersey-spring-1.19.jar com.sun.jersey.contribs:jersey-spring:1.19   0 18
jersey-core-1.19.jar cpe:/a:restful_web_services_project:restful_web_services:1.19 com.sun.jersey:jersey-core:1.19   0 LOW 17
jaxb-impl-2.2.3-1.jar com.sun.xml.bind:jaxb-impl:2.2.3-1   0 17
paranamer-2.4.jar com.thoughtworks.paranamer:paranamer:2.4   0 11
xstream-1.4.5.jar cpe:/a:xstream_project:xstream:1.4.5 com.thoughtworks.xstream:xstream:1.4.5 Medium 2 LOW 23
commons-beanutils-core-1.8.3.jar cpe:/a:apache:commons_beanutils:1.8.3 commons-beanutils:commons-beanutils-core:1.8.3 High 1 LOW 15
commons-beanutils-1.9.3.jar cpe:/a:apache:commons_beanutils:1.9.3 commons-beanutils:commons-beanutils:1.9.3   0 LOW 23
commons-cli-1.2.jar commons-cli:commons-cli:1.2   0 20
commons-codec-1.9.jar commons-codec:commons-codec:1.9   0 21
commons-collections-3.2.1.jar cpe:/a:apache:commons_collections:3.2.1 commons-collections:commons-collections:3.2.1 High 2 HIGHEST 20
commons-dbcp-1.4.jar commons-dbcp:commons-dbcp:1.4   0 20
commons-digester-1.8.jar commons-digester:commons-digester:1.8   0 17
commons-fileupload-1.3.3.jar cpe:/a:apache:commons_fileupload:1.3.3 commons-fileupload:commons-fileupload:1.3.3   0 LOW 23
commons-httpclient-20020423.jar cpe:/a:apache:commons-httpclient:- cpe:/a:apache:httpclient:- commons-httpclient:commons-httpclient:20020423   0 LOW 8
commons-io-2.4.jar commons-io:commons-io:2.4   0 21
commons-jxpath-1.3.jar commons-jxpath:commons-jxpath:1.3   0 20
commons-lang-2.4.jar commons-lang:commons-lang:2.4   0 20
commons-logging-1.1.3.jar commons-logging:commons-logging:1.1.3   0 21
commons-math-1.2.jar commons-math:commons-math:1.2   0 18
commons-net-1.4.1.jar commons-net:commons-net:1.4.1   0 15
commons-pool-1.4.jar commons-pool:commons-pool:1.4   0 19
commons-vfs-1.0.jar commons-vfs:commons-vfs:1.0   0 17
concurrent-1.3.4.jar concurrent:concurrent:1.3.4   0 12
jbehave-junit-runner-1.2.0.jar de.codecentric:jbehave-junit-runner:1.2.0   0 13
dom4j-1.6.1.jar cpe:/a:dom4j_project:dom4j:1.6.1 dom4j:dom4j:1.6.1 Medium 1 HIGHEST 16
eigenbase-properties-1.1.4.jar eigenbase:eigenbase-properties:1.1.4   0 14
eigenbase-resgen-1.3.5.jar eigenbase:eigenbase-resgen:1.3.5   0 14
eigenbase-xom-1.3.4.jar eigenbase:eigenbase-xom:1.3.4   0 14
hsqldb-1.8.0.10.jar hsqldb:hsqldb:1.8.0.10   0 12
cucumber-core-1.2.2.jar info.cukes:cucumber-core:1.2.2   0 9
cucumber-html-0.2.3.jar info.cukes:cucumber-html:0.2.3   0 7
cucumber-jvm-deps-1.0.3.jar   0 9
gherkin-2.12.2.jar info.cukes:gherkin:2.12.2   0 11
java-client-2.1.0.jar io.appium:java-client:2.1.0   0 11
netty-3.5.2.Final.jar cpe:/a:netty_project:netty:3.5.2 io.netty:netty:3.5.2.Final Medium 2 LOW 14
iText-4.2.0.jar iText:iText:4.2.0   0 9
javassist-3.12.1.GA.jar javassist:javassist:3.12.1.GA   0 10
activation-1.1.jar javax.activation:activation:1.1   0 14
javax.el-api-2.2.4.jar cpe:/a:oracle:glassfish:2.2.4 javax.el:javax.el-api:2.2.4 Medium 2 LOW 19
javax.inject-1.jar javax.inject:javax.inject:1   0 10
jcr-2.0.jar cpe:/a:content_project:content:2.0 javax.jcr:jcr:2.0 Medium 1 LOW 13
mail-1.4.7.jar cpe:/a:mail_project:mail:1.4.7 javax.mail:mail:1.4.7 Medium 1 LOW 23
javax.servlet-api-3.1.0.jar cpe:/a:oracle:glassfish:3.1.0 javax.servlet:javax.servlet-api:3.1.0 Medium 2 LOW 20
jstl-1.2.jar javax.servlet:jstl:1.2   0 11
jta-1.1.jar javax.transaction:jta:1.1   0 11
validation-api-1.1.0.Final.jar cpe:/a:bean_project:bean:7.x-1.1::~~~drupal~~ javax.validation:validation-api:1.1.0.Final Medium 1 HIGHEST 11
jsr311-api-1.1.1.jar javax.ws.rs:jsr311-api:1.1.1   0 15
jaxb-api-2.2.2.jar cpe:/a:fish:fish:2.2.2 cpe:/a:oracle:glassfish:2.2.2 javax.xml.bind:jaxb-api:2.2.2 Medium 2 LOW 13
stax-api-1.0-2.jar javax.xml.stream:stax-api:1.0-2   0 10
joda-time-2.7.jar cpe:/a:date_project:date:7.x-2.7::~~~drupal~~ joda-time:joda-time:2.7 Low 1 HIGHEST 20
jug-lgpl-2.0.0.jar jug-lgpl:jug-lgpl:2.0.0   0 10
log4j-1.2.14.jar cpe:/a:apache:log4j:1.2.14 log4j:log4j:1.2.14   0 LOW 12
mx4j-tools-3.0.1.jar mx4j:mx4j-tools:3.0.1   0 7
mysql-connector-java-5.1.17.jar cpe:/a:mysql:mysql:5.1.17 cpe:/a:oracle:connector/j:5.1.17 cpe:/a:oracle:mysql:5.1.17 cpe:/a:oracle:mysql_connector/j:5.1.17 cpe:/a:oracle:mysql_connectors:5.1.17 mysql:mysql-connector-java:5.1.17 High 393 HIGHEST 21
jna-platform-4.1.0.jar net.java.dev.jna:jna-platform:4.1.0   0 17
jna-4.1.0.jar net.java.dev.jna:jna:4.1.0   0 17
jna-4.1.0.jar: jnidispatch.dll   0 1
jna-4.1.0.jar: jnidispatch.dll   0 1
jna-4.1.0.jar: jnidispatch.dll   0 1
jcip-annotations-1.0.jar net.jcip:jcip-annotations:1.0   0 10
serenity-core-1.0.58.jar net.serenity-bdd:serenity-core:1.0.58   0 10
serenity-jbehave-1.0.23.jar net.serenity-bdd:serenity-jbehave:1.0.23   0 10
serenity-report-resources-1.0.58.jar net.serenity-bdd:serenity-report-resources:1.0.58   0 8
ehcache-core-2.5.1.jar net.sf.ehcache:ehcache-core:2.5.1   0 9
ehcache-core-2.5.1.jar: sizeof-agent.jar net.sf.ehcache:sizeof-agent:1.0.1   0 14
opencsv-2.0.jar net.sf.opencsv:opencsv:2.0   0 12
scannotation-1.0.2.jar org.scannotation:scannotation:1.0.2   0 11
cssparser-0.9.16.jar net.sourceforge.cssparser:cssparser:0.9.16   0 11
htmlcleaner-2.10.jar cpe:/a:htmlcleaner_project:htmlcleaner:2.10 net.sourceforge.htmlcleaner:htmlcleaner:2.10   0 LOW 9
htmlunit-core-js-2.17.jar net.sourceforge.htmlunit:htmlunit-core-js:2.17   0 12
htmlunit-2.17.jar net.sourceforge.htmlunit:htmlunit:2.17   0 18
jxl-2.6.12.jar net.sourceforge.jexcelapi:jxl:2.6.12   0 10
nekohtml-1.9.15.jar net.sourceforge.nekohtml:nekohtml:1.9.15   0 11
ognl-2.6.9.jar cpe:/a:ognl_project:ognl:2.6.9 ognl:ognl:2.6.9 Medium 1 LOW 10
antlr-complete-3.5.2.jar   0 10
ant-launcher-1.7.1.jar org.apache.ant:ant-launcher:1.7.1   0 12
ant-1.7.1.jar org.apache.ant:ant:1.7.1   0 13
axis2-kernel-1.5.jar cpe:/a:apache:axis2:1.5 org.apache.axis2:axis2-kernel:1.5 High 5 HIGHEST 13
commons-collections4-4.1.jar cpe:/a:apache:commons_collections:4.1 org.apache.commons:commons-collections4:4.1   0 LOW 23
commons-compress-1.4.1.jar cpe:/a:apache:commons-compress:1.4.1 org.apache.commons:commons-compress:1.4.1   0 LOW 23
commons-exec-1.3.jar org.apache.commons:commons-exec:1.3   0 23
commons-lang3-3.3.2.jar org.apache.commons:commons-lang3:3.3.2   0 22
commons-vfs2-2.1-20150824.jar org.apache.commons:commons-vfs2:2.1-SNAPSHOT   0 23
derby-10.5.3.0_1.jar cpe:/a:apache:derby:10.5.3.0.1 org.apache.derby:derby:10.5.3.0_1   0 LOW 12
org.osgi.core-1.0.0.jar org.apache.felix:org.osgi.core:1.0.0   0 18
httpclient-4.5.5.jar cpe:/a:apache:httpclient:4.5.5 org.apache.httpcomponents:httpclient:4.5.5   0 LOW 20
httpcore-4.3-alpha1.jar org.apache.httpcomponents:httpcore:4.3-alpha1   0 18
httpmime-4.4.1.jar cpe:/a:apache:httpclient:4.4.1 org.apache.httpcomponents:httpmime:4.4.1   0 LOW 19
jackrabbit-core-2.16.1.jar cpe:/a:apache:jackrabbit:2.16.1 org.apache.jackrabbit:jackrabbit-core:2.16.1   0 LOW 17
jackrabbit-data-2.10.0.jar cpe:/a:apache:jackrabbit:2.10.0 org.apache.jackrabbit:jackrabbit-data:2.10.0 Medium 2 HIGHEST 20
org.apache.karaf.main-3.0.3.jar cpe:/a:apache:karaf:3.0.3 org.apache.karaf:org.apache.karaf.main:3.0.3 High 5 HIGHEST 24
lucene-core-3.6.0.jar org.apache.lucene:lucene-core:3.6.0   0 15
fontbox-2.0.4.jar cpe:/a:font_project:font:2.0.4 org.apache.pdfbox:fontbox:2.0.4 Medium 1 LOW 22
pdfbox-app-2.0.0.jar cpe:/a:apache:pdfbox:2.0.0 org.apache.pdfbox:pdfbox-app:2.0.0 High 2 HIGHEST 21
poi-scratchpad-3.15.jar cpe:/a:apache:poi:3.15 org.apache.poi:poi-scratchpad:3.15   0 LOW 17
poi-3.17.jar cpe:/a:apache:poi:3.17 org.apache.poi:poi:3.17   0 LOW 17
xmlsec-1.4.4.jar cpe:/a:xmlsec_project:xmlsec:1.4.4 org.apache.santuario:xmlsec:1.4.4   0 LOW 13
tika-core-1.17.jar cpe:/a:apache:tika:1.17 org.apache.tika:tika-core:1.17 High 8 HIGHEST 25
xmlbeans-2.6.0.jar org.apache.xmlbeans:xmlbeans:2.6.0   0 13
batik-css-1.8.jar cpe:/a:apache:batik:1.8 org.apache.xmlgraphics:batik-css:1.8 High 2 HIGHEST 13
batik-extension-1.9.jar cpe:/a:apache:batik:1.9 org.apache.xmlgraphics:batik-extension:1.9 High 1 HIGHEST 14
fop-2.2.jar cpe:/a:apache:formatting_objects_processor:2.2 org.apache.xmlgraphics:fop:2.2   0 LOW 16
xmlgraphics-commons-2.2.jar org.apache.xmlgraphics:xmlgraphics-commons:2.2   0 16
asciidoctor-java-integration-0.1.3.jar org.asciidoctor:asciidoctor-java-integration:0.1.3   0 10
aspectjrt-1.6.6.jar org.aspectj:aspectjrt:1.6.6   0 12
bcpkix-jdk15on-1.48.jar org.bouncycastle:bcpkix-jdk15on:1.48   0 18
groovy-all-2.3.3.jar cpe:/a:apache:groovy:2.3.3 commons-cli:commons-cli:1.2 High 3 HIGHEST 23
groovy-2.3.9.jar cpe:/a:apache:groovy:2.3.9 commons-cli:commons-cli:1.2 High 3 HIGHEST 23
jackson-core-asl-1.9.2.jar cpe:/a:fasterxml:jackson:1.9.2 org.codehaus.jackson:jackson-core-asl:1.9.2   0 LOW 19
jackson-xc-1.9.2.jar cpe:/a:fasterxml:jackson-databind:1.9.2 cpe:/a:fasterxml:jackson:1.9.2 org.codehaus.jackson:jackson-xc:1.9.2 High 2 LOW 17
jettison-1.2.jar org.codehaus.jettison:jettison:1.2   0 13
plexus-utils-3.0.10.jar org.codehaus.plexus:plexus-utils:3.0.10   0 14
jetty-io-9.2.11.v20150529.jar org.eclipse.jetty:jetty-io:9.2.11.v20150529   0 19
jetty-util-8.1.15.v20140411.jar cpe:/a:eclipse:jetty:8.1.15.v20140411 cpe:/a:jetty:jetty:8.1.15.v20140411 org.eclipse.jetty:jetty-util:8.1.15.v20140411 High 4 LOW 20
websocket-api-9.2.11.v20150529.jar cpe:/a:eclipse:jetty:9.2.11.v20150529 cpe:/a:jetty:jetty:9.2.11.v20150529 org.eclipse.jetty.websocket:websocket-api:9.2.11.v20150529 High 4 LOW 18
fluentlenium-core-0.10.2.jar org.fluentlenium:fluentlenium-core:0.10.2   0 15
fontbox-0.1.0.jar cpe:/a:font_project:font:0.1.0 org.fontbox:fontbox:0.1.0 Medium 1 LOW 10
freemarker-2.3.21.jar org.freemarker:freemarker:2.3.21   0 21
webservices-api-2.1.jar   0 12
webservices-rt-2.1.jar   0 13
javax.el-2.2.4.jar cpe:/a:oracle:glassfish:2.2.4 org.glassfish.web:javax.el:2.2.4 Medium 2 LOW 20
hamcrest-all-1.3.jar com.thoughtworks.qdox:qdox:1.12   0 15
hamcrest-core-1.3.jar org.hamcrest:hamcrest-core:1.3   0 14
hamcrest-integration-1.3.jar org.hamcrest:hamcrest-integration:1.3   0 14
hamcrest-library-1.3.jar org.hamcrest:hamcrest-library:1.3   0 14
hibernate-commons-annotations-4.0.4.Final.jar cpe:/a:processing:processing:4.0.4 org.hibernate.common:hibernate-commons-annotations:4.0.4.Final   0 LOW 17
hibernate-core-4.3.5.Final.jar org.hibernate:hibernate-core:4.3.5.Final   0 18
hibernate-ehcache-3.6.0.Final.jar org.hibernate:hibernate-ehcache:3.6.0.Final   0 17
hibernate-validator-5.1.1.Final.jar cpe:/a:hibernate:hibernate_validator:5.1 org.hibernate:hibernate-validator:5.1.1.Final Medium 1 HIGHEST 20
hibernate-jpa-2.1-api-1.0.0.Final.jar org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final   0 14
ini4j-0.5.2.jar org.ini4j:ini4j:0.5.2   0 10
cas-client-core-3.3.2.jar org.jasig.cas.client:cas-client-core:3.3.2   0 15
javassist-3.20.0-GA.jar org.javassist:javassist:3.20.0-GA   0 15
jbehave-core-3.9.3.jar org.jbehave:jbehave-core:3.9.3   0 12
jandex-1.1.0.Final.jar org.jboss:jandex:1.1.0.Final   0 16
jboss-logging-annotations-1.2.0.Beta1.jar org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1   0 18
jboss-logging-3.1.3.GA.jar org.jboss.logging:jboss-logging:3.1.3.GA   0 26
jboss-transaction-api_1.2_spec-1.0.0.Final.jar org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:1.0.0.Final   0 22
jdom2-2.0.5.jar org.jdom:jdom2:2.0.5   0 32
jdom-1.1.jar org.jdom:jdom:1.1   0 30
jempbox-0.2.0.jar org.jempbox:jempbox:0.2.0   0 10
jruby-complete-1.7.4.jar cpe:/a:jruby:jruby:1.7.4 Medium 1 LOW 13
jruby-complete-1.7.4.jar: jffi-1.2.dll   0 2
jruby-complete-1.7.4.jar: jffi-1.2.dll   0 2
jruby-complete-1.7.4.jar: jrubyw.exe   0 1
jruby-complete-1.7.4.jar: generator.jar   0 3
jruby-complete-1.7.4.jar: parser.jar   0 3
jruby-complete-1.7.4.jar: bcpkix-jdk15on-147.jar   0 13
jruby-complete-1.7.4.jar: bcprov-jdk15on-147.jar   0 13
jruby-complete-1.7.4.jar: jopenssl.jar cpe:/a:openssl:openssl:- cpe:/a:openssl_project:openssl:- High 75 LOW 4
jruby-complete-1.7.4.jar: kryptcore.jar   0 5
jruby-complete-1.7.4.jar: kryptproviderjdk.jar   0 5
jruby-complete-1.7.4.jar: jansi.dll   0 1
jruby-complete-1.7.4.jar: jansi.dll   0 1
mimepull-1.9.4.jar org.jvnet.mimepull:mimepull:1.9.4   0 22
mockito-all-1.8.5.jar org.mockito:mockito-all:1.8.5   0 11
servlet-api-2.5-6.1.9.jar cpe:/a:jetty:jetty:6.1.9 cpe:/a:mortbay:jetty:6.1.9 cpe:/a:mortbay_jetty:jetty:6.1.9 org.mortbay.jetty:servlet-api-2.5:6.1.9 High 7 HIGHEST 20
rhino-1.7R5.jar org.mozilla:rhino:1.7R5   0 15
jmi-200507110943.jar org.netbeans:jmi:200507110943   0 10
jmiutils-200507110943.jar org.netbeans:jmiutils:200507110943   0 11
mdrapi-200507110943.jar org.netbeans:mdrapi:200507110943   0 10
mof-200507110943.jar org.netbeans:mof:200507110943   0 10
nbmdr-200507110943-custom.jar org.netbeans:nbmdr:200507110943-custom   0 9
openide-util-200507110943.jar org.netbeans:openide-util:200507110943   0 8
objenesis-2.1.jar org.objenesis:objenesis:2.1   0 20
olap4j-xmla-TRUNK-SNAPSHOT.jar org.olap4j:olap4j-xmla:TRUNK-SNAPSHOT   0 10
olap4j-xmlaserver-1.2.0.jar cpe:/a:connections_project:connections:1.2.0 org.olap4j:olap4j-xmlaserver:1.2.0   0 LOW 15
olap4j-TRUNK-SNAPSHOT.jar org.olap4j:olap4j:TRUNK-SNAPSHOT   0 8
opensaml-2.5.1-1.jar cpe:/a:internet2:opensaml:2.5.1.1 org.opensaml:opensaml:2.5.1-1   0 LOW 17
openws-1.4.2-1.jar cpe:/a:ws_project:ws:1.4.2.1 org.opensaml:openws:1.4.2-1   0 LOW 19
xmltooling-1.3.2-1.jar cpe:/a:internet2:xmltooling:1.3.2.1 cpe:/a:xmltooling_project:xmltooling:1.3.2.1 org.opensaml:xmltooling:1.3.2-1 Medium 1 LOW 15
asm-5.0.3.jar org.ow2.asm:asm:5.0.3   0 16
encoder-1.2.jar org.owasp.encoder:encoder:1.2   0 12
esapi-2.0GA.jar cpe:/a:owasp:enterprise_security_api:2.0ga org.owasp.esapi:esapi:2.0GA   0 LOW 17
pentaho-vfs-1.0.jar org.pentaho:pentaho-vfs:1.0   0 7
libbase-7.1.0.0-12.jar org.pentaho.reporting.library:libbase:7.1.0.0-12   0 20
libformula-7.1.0.0-12.jar org.pentaho.reporting.library:libformula:7.1.0.0-12   0 20
quartz-1.7.2.jar org.quartz-scheduler:quartz:1.7.2   0 10
reflections-0.9.8.jar org.reflections:reflections:0.9.8   0 12
saiku-query-0.4-SNAPSHOT.jar org.saiku:saiku-query:0.4-SNAPSHOT   0 11
jcifs-1.3.3.jar cpe:/a:samba:samba:1.3.3 org.samba.jcifs:jcifs:1.3.3 High 22 LOW 10
scannotation-1.0.2.jar org.scannotation:scannotation:1.0.2   0 10
jetty-rc-repacked-5.jar cpe:/a:jetty:jetty:- org.seleniumhq.selenium:jetty-rc-repacked:5   0 LOW 11
jetty-repacked-7.6.1.jar cpe:/a:jetty:jetty:7.6.1   0 LOW 7
selenium-api-2.46.0.jar org.seleniumhq.selenium:selenium-api:2.46.0   0 11
selenium-chrome-driver-2.46.0.jar cpe:/a:selenium-chromedriver_project:selenium-chromedriver:2.46.0 org.seleniumhq.selenium:selenium-chrome-driver:2.46.0 High 1 LOW 12
selenium-firefox-driver-2.46.0.jar org.seleniumhq.selenium:selenium-firefox-driver:2.46.0   0 12
selenium-htmlunit-driver-2.46.0.jar org.seleniumhq.selenium:selenium-htmlunit-driver:2.46.0   0 12
selenium-ie-driver-2.46.0.jar org.seleniumhq.selenium:selenium-ie-driver:2.46.0   0 12
selenium-java-2.46.0.jar org.seleniumhq.selenium:selenium-java:2.46.0   0 9
selenium-leg-rc-2.46.0.jar org.seleniumhq.selenium:selenium-leg-rc:2.46.0   0 13
selenium-remote-driver-2.46.0.jar org.seleniumhq.selenium:selenium-remote-driver:2.46.0   0 12
selenium-safari-driver-2.46.0.jar org.seleniumhq.selenium:selenium-safari-driver:2.46.0   0 12
selenium-server-2.46.0.jar org.seleniumhq.selenium:selenium-server:2.46.0   0 12
selenium-server-2.46.0.jar: readystate.jar   0 1
selenium-server-2.46.0.jar: hudsuckr.exe   0 1
selenium-support-2.46.0.jar org.seleniumhq.selenium:selenium-support:2.46.0   0 12
jcl-over-slf4j-1.7.7.jar org.slf4j:jcl-over-slf4j:1.7.7   0 17
jul-to-slf4j-1.6.1.jar org.slf4j:jul-to-slf4j:1.6.1   0 14
slf4j-api-1.6.4.jar org.slf4j:slf4j-api:1.6.4   0 17
slf4j-log4j12-1.6.4.jar org.slf4j:slf4j-log4j12:1.6.4   0 17
se-jcr-0.9.jar cpe:/a:pivotal:spring_framework:0.9 cpe:/a:pivotal_software:spring_framework:0.9 cpe:/a:springsource:spring_framework:0.9 cpe:/a:vmware:springsource_spring_framework:0.9 org.springframework:se-jcr:0.9 High 10 LOW 15
spring-security-cas-4.0.1.RELEASE.jar org.springframework.security:spring-security-cas:4.0.1.RELEASE   0 12
spring-security-config-4.0.1.RELEASE.jar org.springframework.security:spring-security-config:4.0.1.RELEASE   0 12
spring-security-core-4.1.3.RELEASE.jar org.springframework.security:spring-security-core:4.1.3.RELEASE   0 12
spring-security-web-4.0.1.RELEASE.jar org.springframework.security:spring-security-web:4.0.1.RELEASE   0 12
spring-context-support-4.1.6.RELEASE.jar cpe:/a:context_project:context:4.1.6 cpe:/a:pivotal:spring_framework:4.1.6 cpe:/a:pivotal_software:spring_framework:4.1.6 cpe:/a:springsource:spring_framework:4.1.6 cpe:/a:vmware:springsource_spring_framework:4.1.6 org.springframework:spring-context-support:4.1.6.RELEASE High 6 HIGHEST 16
spring-core-4.1.6.RELEASE.jar cpe:/a:pivotal:spring_framework:4.1.6 cpe:/a:pivotal_software:spring_framework:4.1.6 cpe:/a:springsource:spring_framework:4.1.6 cpe:/a:vmware:springsource_spring_framework:4.1.6 org.springframework:spring-core:4.1.6.RELEASE High 6 HIGHEST 16
spring-expression-4.3.2.RELEASE.jar cpe:/a:pivotal:spring_framework:4.3.2 cpe:/a:pivotal_software:spring_framework:4.3.2 cpe:/a:springsource:spring_framework:4.3.2 cpe:/a:vmware:springsource_spring_framework:4.3.2 org.springframework:spring-expression:4.3.2.RELEASE High 10 HIGHEST 16
spring-binding-2.4.4.RELEASE.jar org.springframework.webflow:spring-binding:2.4.4.RELEASE   0 12
sac-1.3.jar org.w3c.css:sac:1.3   0 14
webbit-0.4.14.jar cpe:/a:id:id-software:0.4.14 org.webbitserver:webbit:0.4.14   0 LOW 10
snakeyaml-1.7.jar org.yaml:snakeyaml:1.7   0 11
oro-2.0.8.jar oro:oro:2.0.8   0 8
kettle-core-7.1.0.0-12.jar cpe:/a:pentaho:data_integration:7.1.0.0.12 pentaho-kettle:kettle-core:7.1.0.0-12   0 LOW 10
kettle-engine-7.1.0.0-12.jar cpe:/a:pentaho:data_integration:7.1.0.0.12 pentaho-kettle:kettle-engine:7.1.0.0-12   0 LOW 10
cpf-core-7.1.0.0-12.jar pentaho:cpf-core:7.1.0.0-12   0 13
cpf-pentaho-7.1.0.0-12.jar pentaho:cpf-pentaho:7.1.0.0-12   0 13
metastore-7.1.0.0-12.jar pentaho:metastore:7.1.0.0-12   0 17
mondrian-3.11.0.0-353.jar pentaho:mondrian:3.11.0.0-353   0 9
pentaho-concurrent-1.0.0.jar cpe:/a:id:id-software:1.0.0 pentaho:pentaho-concurrent:1.0.0   0 LOW 16
pentaho-connections-7.1.0.0-12.jar cpe:/a:connections_project:connections:7.1.0.0.12 pentaho:pentaho-connections:7.1.0.0-12   0 LOW 17
pentaho-cwm-1.5.4.jar pentaho:pentaho-cwm:1.5.4   0 8
pentaho-metadata-7.1.0.0-12.jar pentaho:pentaho-metadata:7.1.0.0-12   0 17
pentaho-platform-api-5.0.0.jar pentaho:pentaho-platform-api:5.0.0   0 7
pentaho-platform-core-5.0.0.jar pentaho:pentaho-platform-core:5.0.0   0 7
pentaho-platform-extensions-5.0.0.jar pentaho:pentaho-platform-extensions:5.0.0   0 7
pentaho-platform-repository-7.1.0.0-12.jar pentaho:pentaho-platform-repository:7.1.0.0-12   0 13
pentaho-registry-7.1.0.0-12.jar pentaho:pentaho-registry:7.1.0.0-12   0 8
simple-jndi-1.0.0.jar pentaho:simple-jndi:1.0.0   0 14
secondstring-20060615.jar secondstring:secondstring:20060615   0 8
stax-api-1.0.1.jar cpe:/a:st_project:st:1.0.1 stax:stax-api:1.0.1 Medium 1 LOW 13
velocity-1.5.jar velocity:velocity:1.5   0 17
wsdl4j-1.6.2.jar wsdl4j:wsdl4j:1.6.2   0 12
xalan-2.7.0.jar cpe:/a:apache:xalan-java:2.7.0 xalan:xalan:2.7.0 High 1 HIGHEST 18
xercesImpl-2.8.1.jar cpe:/a:apache:xerces2_java:2.8.1 xerces:xercesImpl:2.8.1 High 1 LOW 39
xml-apis-ext-1.3.04.jar xml-apis:xml-apis-ext:1.3.04   0 19
xml-apis-1.3.04.jar xml-apis:xml-apis:1.3.04   0 36
xml-resolver-1.2.jar xml-resolver:xml-resolver:1.2   0 12
xmlpull-1.1.3.1.jar xmlpull:xmlpull:1.1.3.1   0 9
xpp3_min-1.1.4c.jar xpp3:xpp3_min:1.1.4c   0 12
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-api/pom.xml com.atlassian.extras:atlassian-extras-api:2.5   0 6
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-common/pom.xml com.atlassian.extras:atlassian-extras-common:2.5   0 6
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-core/pom.xml com.atlassian.extras:atlassian-extras-core:2.5   0 6
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-decoder-api/pom.xml com.atlassian.extras:atlassian-extras-decoder-api:2.5   0 6
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-decoder-v2/pom.xml com.atlassian.extras:atlassian-extras-decoder-v2:2.5   0 6
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-legacy/pom.xml com.atlassian.extras:atlassian-extras-legacy:2.5   0 6
clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras/pom.xml com.atlassian.extras:atlassian-extras:2.5   0 6
clover-3.3.0.jar\META-INF/maven/commons-codec/commons-codec/pom.xml commons-codec:commons-codec:1.5   0 9
clover-3.3.0.jar\META-INF/maven/commons-lang/commons-lang/pom.xml commons-lang:commons-lang:2.6   0 9
clover-3.3.0.jar\META-INF/maven/com.google.code.gson/gson/pom.xml com.google.code.gson:gson:1.3   0 6
hazelcast-3.6.2.jar\META-INF/maven/com.hazelcast/hazelcast/pom.xml cpe:/a:root:root:3.6.2 com.hazelcast:hazelcast:3.6.2   0 LOW 7
hazelcast-3.6.2.jar\META-INF/maven/com.eclipsesource.minimal-json/minimal-json/pom.xml com.eclipsesource.minimal-json:minimal-json:0.9.2-SNAPSHOT   0 6
hazelcast-3.6.2.jar\META-INF/maven/com.hazelcast/hazelcast-client-protocol/pom.xml com.hazelcast:hazelcast-client-protocol:1.0.0   0 7
cucumber-jvm-deps-1.0.3.jar\META-INF/maven/info.cukes/cucumber-jvm-deps/pom.xml info.cukes:cucumber-jvm-deps:1.0.3   0 5
cucumber-jvm-deps-1.0.3.jar\META-INF/maven/com.thoughtworks.xstream/xstream/pom.xml cpe:/a:xstream_project:xstream:1.4.2 com.thoughtworks.xstream:xstream:1.4.2 Medium 2 LOW 6
cucumber-jvm-deps-1.0.3.jar\META-INF/maven/com.googlecode.java-diff-utils/diffutils/pom.xml com.googlecode.java-diff-utils:diffutils:1.2.1   0 6
antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-complete/pom.xml org.antlr:antlr-complete:3.5.2   0 8
antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr/pom.xml org.antlr:antlr:3.5.2   0 7
antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/ST4/pom.xml org.antlr:ST4:4.0.8   0 6
antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-runtime/pom.xml cpe:/a:python:python:3.5.2 cpe:/a:python_software_foundation:python:3.5.2 org.antlr:antlr-runtime:3.5.2 High 10 HIGHEST 8
antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/gunit/pom.xml org.antlr:gunit:3.5.2   0 8
antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/stringtemplate/pom.xml org.antlr:stringtemplate:3.2.1   0 6
webservices-api-2.1.jar\META-INF/maven/org.glassfish.metro/webservices-api/pom.xml org.glassfish.metro:webservices-api:2.1   0 7
webservices-api-2.1.jar\META-INF/maven/javax.xml.soap/saaj-api/pom.xml javax.xml.soap:saaj-api:1.3.2   0 5
webservices-api-2.1.jar\META-INF/maven/org.glassfish/javax.annotation/pom.xml org.glassfish:javax.annotation:3.1-b35   0 7
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/webservices-rt/pom.xml org.glassfish.metro:webservices-rt:2.1   0 7
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/wsit-api/pom.xml org.glassfish.metro:wsit-api:2.1   0 7
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-commons/pom.xml org.glassfish.metro:metro-commons:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-config-api/pom.xml org.glassfish.metro:metro-config-api:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-runtime-api/pom.xml org.glassfish.metro:metro-runtime-api:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/soaptcp-api/pom.xml org.glassfish.metro:soaptcp-api:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-cm-api/pom.xml cpe:/a:cm_project:cm:2.1 org.glassfish.metro:metro-cm-api:2.1 Medium 1 LOW 6
webservices-rt-2.1.jar\META-INF/maven/com.sun.xml.messaging.saaj/saaj-impl/pom.xml com.sun.xml.messaging.saaj:saaj-impl:1.3.8   0 7
webservices-rt-2.1.jar\META-INF/maven/org.jvnet/mimepull/pom.xml org.jvnet:mimepull:1.4   0 7
webservices-rt-2.1.jar\META-INF/maven/org.jvnet.staxex/stax-ex/pom.xml cpe:/a:st_project:st:1.2.1 org.jvnet.staxex:stax-ex:1.2 Medium 1 LOW 6
webservices-rt-2.1.jar\META-INF/maven/com.sun.xml.ws/policy/pom.xml cpe:/a:ws_project:ws:2.2.2 com.sun.xml.ws:policy:2.2.2   0 LOW 7
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.ha/ha-api/pom.xml cpe:/a:fish:fish:3.1.8 org.glassfish.ha:ha-api:3.1.8   0 LOW 4
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/wsit-impl/pom.xml org.glassfish.metro:wsit-impl:2.1   0 7
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-config-impl/pom.xml org.glassfish.metro:metro-config-impl:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-runtime-impl/pom.xml org.glassfish.metro:metro-runtime-impl:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/soaptcp-impl/pom.xml org.glassfish.metro:soaptcp-impl:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/xmlfilter/pom.xml org.glassfish.metro:xmlfilter:2.1   0 6
webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/ws-mex/pom.xml cpe:/a:ws_project:ws:2.1 org.glassfish.metro:ws-mex:2.1   0 LOW 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jffi/pom.xml com.github.jnr:jffi:1.2.7   0 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-constants/pom.xml cpe:/a:values_project:values:0.8.4 com.github.jnr:jnr-constants:0.8.4   0 LOW 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-enxio/pom.xml com.github.jnr:jnr-enxio:0.4   0 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-ffi/pom.xml com.github.jnr:jnr-ffi:1.0.4   0 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-netdb/pom.xml com.github.jnr:jnr-netdb:1.1.2   0 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-posix/pom.xml com.github.jnr:jnr-posix:2.5.3-SNAPSHOT   0 5
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-unixsocket/pom.xml com.github.jnr:jnr-unixsocket:0.3   0 6
jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-x86asm/pom.xml com.github.jnr:jnr-x86asm:1.0.2   0 6
jruby-complete-1.7.4.jar\META-INF/maven/com.headius/invokebinder/pom.xml com.headius:invokebinder:1.2   0 5
jruby-complete-1.7.4.jar\META-INF/maven/com.jcraft/jzlib/pom.xml cpe:/a:jcraft:jzlib:1.1.2 com.jcraft:jzlib:1.1.2   0 LOW 8
jruby-complete-1.7.4.jar\META-INF/maven/jline/jline/pom.xml jline:jline:2.7   0 4
jruby-complete-1.7.4.jar\META-INF/maven/joda-time/joda-time/pom.xml cpe:/a:date_project:date:2.2 joda-time:joda-time:2.2 Low 1 LOW 8
jruby-complete-1.7.4.jar\META-INF/maven/org.jruby.joni/joni/pom.xml cpe:/a:oniguruma_project:oniguruma:2.0.0 org.jruby.joni:joni:2.0.0   0 LOW 5
jruby-complete-1.7.4.jar\META-INF/maven/org.yaml/snakeyaml/pom.xml org.yaml:snakeyaml:1.11   0 6
jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml cpe:/a:eclipse:jetty:7.6.1.v20120215 cpe:/a:jetty:jetty:7.6.1.v20120215 org.eclipse.jetty:jetty-http:7.6.1.v20120215 High 4 LOW 6
jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml org.eclipse.jetty:jetty-io:7.6.1.v20120215   0 6
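Reading this table by hand is error-prone. The CPE Confidence column is the report's own signal of how sure it is about an identification, and several rows pair a dependency with a CPE whose vendor and product share no name with the Maven coordinates at all: antlr-runtime 3.5.2 matched to Python 3.5.2, joda-time 2.7 matched to a Drupal "date" module, validation-api matched to a Drupal "bean" module, jersey-apache-client matched to an Oracle client. Others match on a name fragment only, at LOW confidence, such as operadriver 1.5 carrying 16 Opera browser CVEs or jcifs 1.3.3 carrying 22 Samba CVEs. The script below is an added example written for this page; it is not part of Dependency-Check or of the Saiku project. It parses rows in the layout of the table above (a handful of rows are copied in as sample input, with multi-line CPE cells joined), classifies each row from its CPE Confidence plus a name-overlap heuristic that is an assumption of this example and not a rule the tool applies, ranks the rows for triage, and drafts a suppression file in Dependency-Check's suppression XML format using the gav and cpe elements of the 1.1 schema (current releases also accept a packageUrl element). The draft is a starting point for review, not a verdict: a name mismatch is a prompt to check the match, and a HIGHEST-confidence hit such as commons-collections 3.2.1 still has to be fixed by upgrading, not suppressed.

```python
"""Triage rows of an OWASP Dependency-Check report and draft a suppression file.

Added example for this page; the row layout is that of the report table and the
name-overlap heuristic is an assumption of this script, not a rule the tool applies.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

# Rows copied from the report table, with multi-line CPE cells joined onto one line.
# Columns: file, CPE(s), GAV, Highest Severity, CVE count, CPE Confidence, evidence
# count; blank cells are simply absent, so each row is parsed from the right.
SAMPLE_ROWS = [
    "saiku-olap-util-3.17.jar org.saikuanalytics:saiku-olap-util:3.17   0 11",
    "commons-collections-3.2.1.jar cpe:/a:apache:commons_collections:3.2.1 "
    "commons-collections:commons-collections:3.2.1 High 2 HIGHEST 20",
    "operadriver-1.5.jar cpe:/a:opera:opera:1.5 cpe:/a:opera_software:opera:1.5 "
    "com.opera:operadriver:1.5 High 16 LOW 13",
    "joda-time-2.7.jar cpe:/a:date_project:date:7.x-2.7::~~~drupal~~ "
    "joda-time:joda-time:2.7 Low 1 HIGHEST 20",
    r"antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-runtime/pom.xml "
    "cpe:/a:python:python:3.5.2 cpe:/a:python_software_foundation:python:3.5.2 "
    "org.antlr:antlr-runtime:3.5.2 High 10 HIGHEST 8",
    "jruby-complete-1.7.4.jar: jopenssl.jar cpe:/a:openssl:openssl:- "
    "cpe:/a:openssl_project:openssl:- High 75 LOW 4",
]

CONFIDENCES = {"HIGHEST", "HIGH", "MEDIUM", "LOW"}
SEVERITIES = {"High", "Medium", "Low"}
GAV_RE = re.compile(r"^[\w.\-]+:[\w.\-]+:[\w.\-/]+$")  # group:artifact:version
# Name tokens too generic to count as evidence that a CPE names this library.
NOISE = {"project", "software", "com", "org", "net", "io", "java", "api",
         "core", "jar", "pom", "xml", "meta", "inf", "maven"}
NS = "https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd"


@dataclass
class Row:
    file: str
    cpes: List[str]
    gav: Optional[str]
    severity: Optional[str]
    cve_count: int
    confidence: Optional[str]
    evidence: int


def parse_row(line: str) -> Row:
    """Parse one table row; the optional cells sit in the middle, so consume from the right."""
    tokens = line.split()
    evidence = int(tokens.pop())
    confidence = tokens.pop() if tokens[-1] in CONFIDENCES else None
    cve_count = int(tokens.pop())
    severity = tokens.pop() if tokens[-1] in SEVERITIES else None
    cpes = [t for t in tokens if t.startswith("cpe:/")]
    gavs = [t for t in tokens if not t.startswith("cpe:/") and GAV_RE.match(t)]
    rest = [t for t in tokens if t not in cpes and t not in gavs]  # file name, may hold spaces
    return Row(" ".join(rest), cpes, gavs[0] if gavs else None,
               severity, cve_count, confidence, evidence)


def name_tokens(text: str) -> set:
    return {t for t in re.findall(r"[a-z]+", text.lower()) if t not in NOISE}


def cpe_names(cpe: str):
    parts = cpe.split(":")  # cpe:/a:vendor:product:version...
    return parts[2], parts[3]


def name_overlap(cpe: str, row: Row) -> bool:
    """True when the CPE vendor or product shares a name token with the
    groupId/artifactId (or with the file name when no GAV was identified)."""
    vendor, product = cpe_names(cpe)
    subject = row.gav.rsplit(":", 1)[0] if row.gav else row.file
    return bool(name_tokens(vendor + " " + product) & name_tokens(subject))


def classify(row: Row) -> str:
    if row.cve_count == 0:
        return "clean"
    if row.cpes and not any(name_overlap(c, row) for c in row.cpes):
        return "likely-false-positive"  # every CPE names something else
    if row.confidence == "LOW":
        return "review"                 # the tool itself is unsure of the match
    return "likely-real"                # confident match: upgrade or patch


ORDER = {"likely-real": 0, "review": 1, "likely-false-positive": 2, "clean": 3}


def triage(lines: List[str]):
    """Return (category, row) pairs, most urgent category first, highest CVE count first."""
    rows = [parse_row(line) for line in lines]
    rows.sort(key=lambda r: (ORDER[classify(r)], -r.cve_count))
    return [(classify(r), r) for r in rows]


def suppression_xml(rows: List[Row]) -> str:
    """Draft one <suppress> per CPE of every likely false positive. GAV rows are
    matched on group:artifact for any version; rows without a GAV fall back to a
    file-path regex (a <sha1> element would pin the exact file more strictly)."""
    root = ET.Element("suppressions", xmlns=NS)
    for row in rows:
        if classify(row) != "likely-false-positive":
            continue
        for cpe in row.cpes:
            vendor, product = cpe_names(cpe)
            sup = ET.SubElement(root, "suppress")
            ET.SubElement(sup, "notes").text = (
                f"{row.file}: {vendor}:{product} shares no name token with the dependency")
            if row.gav:
                group, artifact, _version = row.gav.split(":", 2)
                ET.SubElement(sup, "gav", regex="true").text = (
                    f"^{re.escape(group)}:{re.escape(artifact)}:.*$")
            else:
                ET.SubElement(sup, "filePath", regex="true").text = (
                    ".*" + re.escape(row.file.split()[-1]) + "$")
            ET.SubElement(sup, "cpe").text = f"cpe:/a:{vendor}:{product}"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for category, row in triage(SAMPLE_ROWS):
        print(f"{category:22} cves={row.cve_count:<4} conf={row.confidence or '-':8} {row.file}")
    print(suppression_xml([parse_row(line) for line in SAMPLE_ROWS]))
```

Run as-is it prints the six sample rows ranked (commons-collections first as a confident real hit, operadriver next for manual review, then the three name mismatches, then the clean Saiku jar) followed by a draft suppressions document with five suppress entries. On a real report, join the multi-line CPE cells as in the sample, feed every row through triage, read the draft before committing it, and pass the reviewed file to Dependency-Check with the --suppression option of the command-line tool.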

Dependencies

saiku-olap-util-3.17.jar

File Path: D:\eclipsmy\worplace\saikumysql\saiku-development\saiku-core\saiku-olap-util\target\saiku-olap-util-3.17.jar
MD5: 0dc4f07a7cfe169a4f8e5a0ed4a78c43
SHA1: ecc558e41255126cda402aa6618a3065889975c0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.saikuanalytics:saiku-olap-util:3.17   Confidence:HIGH

saiku-service-3.17.jar

File Path: D:\eclipsmy\worplace\saikumysql\saiku-development\saiku-core\saiku-service\target\saiku-service-3.17.jar
MD5: 29d1f6c915f7a876cbc9c4503589f330
SHA1: c5042c3ac2a721eaa60710f1c5cf9b1254382cbd
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.saikuanalytics:saiku-service:3.17   Confidence:HIGH

saiku-web-3.17.jar

File Path: D:\eclipsmy\worplace\saikumysql\saiku-development\saiku-core\saiku-web\target\saiku-web-3.17.jar
MD5: 9214e3c9069e3d2bc103a904d8aa9d00
SHA1: ee470ad97bef94af70328dbef04fc1de5523f85c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.saikuanalytics:saiku-web:3.17   Confidence:HIGH

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: D:\maven\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: antlr:antlr:2.7.7   Confidence:HIGH

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: D:\maven\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: aopalliance:aopalliance:1.0   Confidence:HIGH

asm-attrs-2.2.3.jar

File Path: D:\maven\repository\asm\asm-attrs\2.2.3\asm-attrs-2.2.3.jar
MD5: f51584eaabd593a890ed13cea1e53d2f
SHA1: 65e5dacf38bd7c6035074c78a03f8d3c94f28f6a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: asm:asm-attrs:2.2.3   Confidence:HIGH

asm-3.1.jar

File Path: D:\maven\repository\asm\asm\3.1\asm-3.1.jar
MD5: b9b8d2d556f9458aac8c463fd511f86d
SHA1: c157def142714c544bdea2e6144645702adf7097
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: asm:asm:3.1   Confidence:HIGH

avalon-framework-api-4.2.0.jar

File Path: D:\maven\repository\avalon-framework\avalon-framework-api\4.2.0\avalon-framework-api-4.2.0.jar
MD5: c6355b5d948ebd104f9686530a4efc3a
SHA1: 29a13fafd448b8357934283b73785bbab7124e8d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: avalon-framework:avalon-framework-api:4.2.0   Confidence:HIGH

avalon-framework-impl-4.2.0.jar

File Path: D:\maven\repository\avalon-framework\avalon-framework-impl\4.2.0\avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: avalon-framework:avalon-framework-impl:4.2.0   Confidence:HIGH

licenseserver-core-1.0-SNAPSHOT.jar

File Path: D:\maven\repository\bi\meteorite\licenseserver-core\1.0-SNAPSHOT\licenseserver-core-1.0-SNAPSHOT.jar
MD5: c6b459648dbdee6aa45bf9b5a5eac8f3
SHA1: 91facd918cf1ce9328a0a474cdf773fb95330f31
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: bi.meteorite:licenseserver-core:1.0-SNAPSHOT   Confidence:HIGH

not-yet-commons-ssl-0.3.9.jar

Description: A Java SSL component library

License:

Apache License v2: http://juliusdavies.ca/commons-ssl/LICENSE.txt
File Path: D:\maven\repository\ca\juliusdavies\not-yet-commons-ssl\0.3.9\not-yet-commons-ssl-0.3.9.jar
MD5: 478a6177330a0098435828a8409f49c1
SHA1: e20f0960c000681c91d00de846a43cf2051b8f69
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: ca.juliusdavies:not-yet-commons-ssl:0.3.9   Confidence:HIGH
  • cpe: cpe:/a:not_yet_commons_ssl_project:not_yet_commons_ssl:0.3.9   Confidence:LOW   

CVE-2014-3604  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions:

cglib-nodep-2.2.jar

Description: Code generation library with shaded ASM dependencies

License:

ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\cglib\cglib-nodep\2.2\cglib-nodep-2.2.jar
MD5: 753f4e9036e1fc6c3e07d3ab97ee6722
SHA1: 59afed7ab65e7ec6585d5bc60556c3cbd203532b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: cglib:cglib-nodep:2.2   Confidence:HIGH

cglib-2.2.jar

License:

ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\cglib\cglib\2.2\cglib-2.2.jar
MD5: 54bd85d9ebe3f194edba210fe0e5f255
SHA1: 97d03461dc1c04ffc636dcb2579aae7724a78ef2
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: cglib:cglib:2.2   Confidence:HIGH

jcommander-1.30.jar

Description: A Java framework to parse command line options with annotations.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\beust\jcommander\1.30\jcommander-1.30.jar
MD5: 191ccbfc9d40670e9103df722529ae16
SHA1: c440b30a944ba199751551aee393f8aa03b3c327
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.beust:jcommander:1.30   Confidence:HIGH

clover-3.3.0.jar

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar
MD5: f56c176f10c30bf97d0ca6a7147b08e9
SHA1: 0611f5503f37cab7b57a4fe02832f0382a7a6240
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

clover-3.3.0.jar: grover.jar

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\embeddedjars\clover3.3.0\grover.jar
MD5: 12a0d595de6795ca20e690ec97d665c0
SHA1: 817b4654e7e9a6ce563ce65bd5bb648fbb1f8e4e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

phantomjsdriver-1.2.1.jar

Description:  PhantomJSDriver is a Java binding for the PhantomJS WebDriver, GhostDriver. The binding is developed within the GhostDriver project, and distributed through public Maven repository and Selenium official .zip package.

License:

The BSD 2-Clause License: http://opensource.org/licenses/BSD-2-Clause
File Path: D:\maven\repository\com\codeborne\phantomjsdriver\1.2.1\phantomjsdriver-1.2.1.jar
MD5: 99bbea026ae4b67fb0af8ef7b56e678c
SHA1: c5106c0223512a467c03b26f8a31e4027ddaa495
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.codeborne:phantomjsdriver:1.2.1   Confidence:HIGH

classmate-1.0.0.jar

Description: Library for introspecting types with full generic information including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\fasterxml\classmate\1.0.0\classmate-1.0.0.jar
MD5: 302e84ce2112b147818c62a807c54999
SHA1: 434efef28c81162b17c540e634cffa3bd9b09b4c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.fasterxml:classmate:1.0.0   Confidence:HIGH

jackson-core-2.5.1.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\fasterxml\jackson\core\jackson-core\2.5.1\jackson-core-2.5.1.jar
MD5: 35e7f4a5419caff472c240fbed3f3416
SHA1: e2a00ad1d7e540ec395e9296a34da484c8888d4d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-core:2.5.1   Confidence:HIGH
  • cpe: cpe:/a:fasterxml:jackson:2.5.1   Confidence:LOW   

jackson-databind-2.5.1.jar

Description: General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\fasterxml\jackson\core\jackson-databind\2.5.1\jackson-databind-2.5.1.jar
MD5: e8a1ef71092b16268d892474167dbcd4
SHA1: 5e57baebad3898aca8a825adaf2be6fd189442f2
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.fasterxml.jackson.core:jackson-databind:2.5.1   Confidence:HIGH
  • cpe: cpe:/a:fasterxml:jackson-databind:2.5.1   Confidence:HIGHEST   
  • cpe: cpe:/a:fasterxml:jackson:2.5.1   Confidence:LOW   

CVE-2018-7489  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Vulnerable Software & Versions:

CVE-2018-5968  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Vulnerable Software & Versions:

CVE-2018-19362  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

Vulnerable Software & Versions:

CVE-2018-19361  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Vulnerable Software & Versions:

CVE-2018-19360  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Vulnerable Software & Versions:

CVE-2018-14721  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Vulnerable Software & Versions:

CVE-2018-14720  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Vulnerable Software & Versions:

CVE-2018-14719  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Vulnerable Software & Versions:

CVE-2018-1000873  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

FasterXML Jackson before 2.9.8 contains a CWE-20 Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

Vulnerable Software & Versions:

CVE-2017-7525  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Vulnerable Software & Versions:

CVE-2017-17485  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions:

CVE-2017-15095  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Vulnerable Software & Versions:

curvesapi-1.04.jar

Description: Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.

License:

BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: D:\maven\repository\com\github\virtuald\curvesapi\1.04\curvesapi-1.04.jar
MD5: 0dcbd9b7e498d1118c920d1d55046743
SHA1: 3386abf821719bc89c7685f9eaafaf4a842f0199
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.github.virtuald:curvesapi:1.04   Confidence:HIGH

gson-2.3.1.jar

Description: Google Gson library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\google\code\gson\gson\2.3.1\gson-2.3.1.jar
MD5: e16b1b8fca0980263f764f633ec91dd6
SHA1: ecb6e1f8e4b0e84c4b886c2f14a1500caf309757
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.google.code.gson:gson:2.3.1   Confidence:HIGH

guava-17.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\google\guava\guava\17.0\guava-17.0.jar
MD5: 89fef81c2adfa9b50a64ed5cd5d8c155
SHA1: 9c6ef172e8de35fd8d4d8783e4821e57cdef7445
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.google.guava:guava:17.0   Confidence:HIGH
  • cpe: cpe:/a:google:guava:17.0   Confidence:HIGHEST   

CVE-2018-10237  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Vulnerable Software & Versions:

gwt-servlet-2.5.1.jar

File Path: D:\maven\repository\com\google\gwt\gwt-servlet\2.5.1\gwt-servlet-2.5.1.jar
MD5: 2b97687f71e3e217ba3cc4b1e739f84a
SHA1: 7b5c8c363c8afea7ba4090166f9c8db35e51b77b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.google.gwt:gwt-servlet:2.5.1   Confidence:HIGH

guice-3.0.jar

Description: Guice is a lightweight dependency injection framework for Java 5 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\google\inject\guice\3.0\guice-3.0.jar
MD5: ca1c7ba366884cfcd2cfb48d2395c400
SHA1: 9d84f15fe35e2c716a02979fb62f50a29f38aefa
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.google.inject:guice:3.0   Confidence:HIGH

protobuf-java-2.4.1.jar

Description:  Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.

License:

New BSD license: http://www.opensource.org/licenses/bsd-license.php
File Path: D:\maven\repository\com\google\protobuf\protobuf-java\2.4.1\protobuf-java-2.4.1.jar
MD5: 1253f05305eed82f6aae1d8c8aad43da
SHA1: 0c589509ec6fd86d5d2fda37e07c08538235d3b9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.google.protobuf:protobuf-java:2.4.1   Confidence:HIGH
  • cpe: cpe:/a:google:protobuf:2.4.1   Confidence:HIGHEST   

json-simple-1.1.1.jar

Description: A simple Java toolkit for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\googlecode\json-simple\json-simple\1.1.1\json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.googlecode.json-simple:json-simple:1.1.1   Confidence:HIGH

lambdaj-2.3.3.jar

Description: The pseudo-functional collection manipulation library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\googlecode\lambdaj\lambdaj\2.3.3\lambdaj-2.3.3.jar
MD5: 0866c6cda8042eea3d07cef4e3ef2519
SHA1: 7dee2fb62ef89f1bd5ccaf3c8628f61f80b22054
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.googlecode.lambdaj:lambdaj:2.3.3   Confidence:HIGH

h2-1.4.188.jar

Description: H2 Database Engine

License:

MPL 2.0, and EPL 1.0: http://h2database.com/html/license.html
File Path: D:\maven\repository\com\h2database\h2\1.4.188\h2-1.4.188.jar
MD5: 254f140425832b66c87fa1ec5d0e51d2
SHA1: a955e0f5598a7bc9df5c7b5c3ab31ffd350a035e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.h2database:h2:1.4.188   Confidence:HIGH
  • cpe: cpe:/a:h2database:h2:1.4.188   Confidence:LOW   

hazelcast-wm-3.6.2.jar

Description: Hazelcast In-Memory DataGrid

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\hazelcast\hazelcast-wm\3.6.2\hazelcast-wm-3.6.2.jar
MD5: bd61cb6eccc0d104985a3f2b78dec5da
SHA1: 1f5f1934aab0d4fbb5270f74ad039fc2926fa787
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.hazelcast:hazelcast-wm:3.6.2   Confidence:HIGH

hazelcast-3.6.2.jar

Description: Core Hazelcast Module

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\hazelcast\hazelcast\3.6.2\hazelcast-3.6.2.jar
MD5: 59a287df990b276ec64429e3f33c7bc4
SHA1: ab0b7196bf994896e2ac0c693d5f835990326d7c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

awaitility-1.6.3.jar

Description: A Java DSL for synchronizing asynchronous operations

File Path: D:\maven\repository\com\jayway\awaitility\awaitility\1.6.3\awaitility-1.6.3.jar
MD5: 5e90fc070d98a398cdd42351420e3430
SHA1: 2b698080294539741574d9f7532eb46bdc2bc345
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.jayway.awaitility:awaitility:1.6.3   Confidence:HIGH

jsch-0.1.54.jar

Description: JSch is a pure Java implementation of SSH2

License:

Revised BSD: http://www.jcraft.com/jsch/LICENSE.txt
File Path: D:\maven\repository\com\jcraft\jsch\0.1.54\jsch-0.1.54.jar
MD5: 56a6c6fc5819e21c665355b39b9097d8
SHA1: da3584329a263616e277e15462b387addd1b208d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.jcraft:jsch:0.1.54   Confidence:HIGH
  • cpe: cpe:/a:jcraft:jsch:0.1.54   Confidence:LOW   

filters-2.0.235.jar

Description: A collection of image processing filters.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: D:\maven\repository\com\jhlabs\filters\2.0.235\filters-2.0.235.jar
MD5: d91073d6b28e2505e96620709626495f
SHA1: af6a2dfefef70f1ab2d7a8d1f8173f67e276b3f4
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2018-1000840  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML() function that can allow an attacker to read arbitrary files and exfiltrate their contents via HTTP requests. The attack appears to be exploitable when the victim uses Processing to parse a crafted XML document.

Vulnerable Software & Versions:

CVE-2005-0406  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

Vulnerable Software & Versions:

marklogic-xcc-9.0.3.jar

Description: MarkLogic XML Contentbase Connector for Java (XCC/J)

File Path: D:\maven\repository\com\marklogic\marklogic-xcc\9.0.3\marklogic-xcc-9.0.3.jar
MD5: 7a6705e34bbaf8db48dd808c388257d9
SHA1: 38fe36b3c45aed18c6aeddab1b8ae4e89e908af9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.marklogic:marklogic-xcc:9.0.3   Confidence:HIGH
  • cpe: cpe:/a:marklogic:marklogic:9.0.3   Confidence:LOW   

operadriver-1.5.jar

Description: OperaDriver is a vendor-supported WebDriver implementation developed by Opera Software and volunteers that implements WebDriver's wire protocol.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\opera\operadriver\1.5\operadriver-1.5.jar
MD5: afe1503a091d63c67e8d945783e25423
SHA1: 3875fb993d2b2b937ced0246b578c3c3f3f32f9e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.opera:operadriver:1.5   Confidence:HIGH
  • cpe: cpe:/a:opera:opera:1.5   Confidence:LOW   
  • cpe: cpe:/a:opera_software:opera:1.5   Confidence:LOW   

CVE-2016-7152  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Vulnerable Software & Versions:

CVE-2015-8960  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Vulnerable Software & Versions:

CVE-2010-5227  

Severity: Medium
CVSS Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.

Vulnerable Software & Versions:

CVE-2009-2068  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Vulnerable Software & Versions:

CVE-2009-0915  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.

Vulnerable Software & Versions:

CVE-2008-5679  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors

The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.

Vulnerable Software & Versions:

CVE-2008-4795  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

Vulnerable Software & Versions:

CVE-2008-4794  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

Vulnerable Software & Versions:

CVE-2008-4696  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).

Vulnerable Software & Versions:

CVE-2008-4695  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-200 Information Exposure

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

Vulnerable Software & Versions:

CVE-2008-4293  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.

Vulnerable Software & Versions:

CVE-2008-3172  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."

Vulnerable Software & Versions:

CVE-2008-3079  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.

Vulnerable Software & Versions:

CVE-2008-1764  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

Vulnerable Software & Versions:

CVE-2008-1761  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.

Vulnerable Software & Versions:

CVE-2003-1561  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

Vulnerable Software & Versions:

operalaunchers-1.1.jar

Description: The launchers are used for starting, stopping and monitoring of Opera.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\opera\operalaunchers\1.1\operalaunchers-1.1.jar
MD5: efc0db3273a50c6674c77dc75bc446c4
SHA1: 8f09d3dc6dcce5580666ae6e0556a7dbb6b1a563
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.opera:operalaunchers:1.1   Confidence:HIGH
  • cpe: cpe:/a:opera:opera:1.1   Confidence:LOW   
  • cpe: cpe:/a:opera_software:opera:1.1   Confidence:LOW   

CVE-2016-7152  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Vulnerable Software & Versions:

CVE-2015-8960  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Vulnerable Software & Versions:

CVE-2010-5227  

Severity: Medium
CVSS Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.

Vulnerable Software & Versions:

CVE-2009-2068  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Vulnerable Software & Versions:

CVE-2009-0915  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.

Vulnerable Software & Versions:

CVE-2008-5679  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors

The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.

Vulnerable Software & Versions:

CVE-2008-4795  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.

Vulnerable Software & Versions:

CVE-2008-4794  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

Vulnerable Software & Versions:

CVE-2008-4696  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).

Vulnerable Software & Versions:

CVE-2008-4695  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-200 Information Exposure

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context.

Vulnerable Software & Versions:

CVE-2008-4293  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.

Vulnerable Software & Versions:

CVE-2008-3172  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."

Vulnerable Software & Versions:

CVE-2008-3079  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.

Vulnerable Software & Versions:

CVE-2008-1764  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

Vulnerable Software & Versions:

CVE-2008-1761  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.

Vulnerable Software & Versions:

CVE-2003-1561  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

Vulnerable Software & Versions:

operalaunchers-1.1.jar: launcher-win32-i86pc.exe

File Path: D:\maven\repository\com\opera\operalaunchers\1.1\operalaunchers-1.1.jar\launchers\launcher-win32-i86pc.exe
MD5: 471167643016e8b2f444e8f5ca380af1
SHA1: d3a503274506205ef5781b14cf26f0c08997d591
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

orient-commons-1.3.0.jar

Description: OrientDB NoSQL document graph dbms

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\orientechnologies\orient-commons\1.3.0\orient-commons-1.3.0.jar
MD5: 1340cf11d72344cd0b5693f4bdf4cafb
SHA1: 943d18825d0df7c8fd046d20f9743986b41a5b1e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.orientechnologies:orient-commons:1.3.0   Confidence:HIGH
  • cpe: cpe:/a:orientdb:orientdb:1.3.0   Confidence:LOW   

CVE-2017-11467  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Vulnerable Software & Versions:

CVE-2015-2912  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)

The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.

Vulnerable Software & Versions:

orientdb-core-1.3.0.jar

Description: OrientDB NoSQL document graph dbms

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\orientechnologies\orientdb-core\1.3.0\orientdb-core-1.3.0.jar
MD5: fd346a8d5e7184f9684ff486c4978101
SHA1: 98883e14a1c439b8fd100e5a23a32e07711518bd
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.orientechnologies:orientdb-core:1.3.0   Confidence:HIGH
  • cpe: cpe:/a:orientdb:orientdb:1.3.0   Confidence:LOW   

CVE-2017-11467  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Vulnerable Software & Versions:

CVE-2015-2912  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)

The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.

Vulnerable Software & Versions:

miredot-annotations-1.3.1.jar

File Path: D:\maven\repository\com\qmino\miredot-annotations\1.3.1\miredot-annotations-1.3.1.jar
MD5: 8368756e5edb02d84c3076365cf4b202
SHA1: 01a7e6be5cc82a7bfc10bb17b1ed4d1aa16e095b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.qmino:miredot-annotations:1.3.1   Confidence:HIGH

jersey-apache-client-1.19.1.jar

Description: Projects that provide additional functionality to jersey, like integration with other projects/frameworks.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\com\sun\jersey\contribs\jersey-apache-client\1.19.1\jersey-apache-client-1.19.1.jar
MD5: cd6970ab0c19ea7e730dbeae7ba0e975
SHA1: f60b51108ce9237fd3d7659117b2e22542e5a88e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2006-0550  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DBC02 from the January 2006 CPU, in which case this would be a duplicate of CVE-2006-0283. However, there are enough inconsistencies that the mapping can not be made authoritatively.

Vulnerable Software & Versions:

jersey-multipart-1.19.jar

Description: Projects that provide additional functionality to jersey, like integration with other projects/frameworks.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\com\sun\jersey\contribs\jersey-multipart\1.19\jersey-multipart-1.19.jar
MD5: d022f0f2c5d1fb8b7968185367a879dd
SHA1: d94f3da447200adf1422de7fed2ca3c544eb2714
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.sun.jersey.contribs:jersey-multipart:1.19   Confidence:HIGH

jersey-spring-1.19.jar

Description: Projects that provide additional functionality to jersey, like integration with other projects/frameworks.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\com\sun\jersey\contribs\jersey-spring\1.19\jersey-spring-1.19.jar
MD5: 5a94fb2ac93ba5a4e767f0c927713753
SHA1: ae4147c453f6d52ea6affeaf01f1eeb9d3c55351
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.sun.jersey.contribs:jersey-spring:1.19   Confidence:HIGH

jersey-core-1.19.jar

Description: Jersey is the open source (under dual CDDL+GPL license) JAX-RS (JSR 311) production quality Reference Implementation for building RESTful Web services.

License:

http://glassfish.java.net/public/CDDL+GPL_1_1.html, http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\com\sun\jersey\jersey-core\1.19\jersey-core-1.19.jar
MD5: cdb4aea66737c70300be021a8ea50986
SHA1: 9a0619e2c514a79b610f17cadaae619c0a08d6a6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.sun.jersey:jersey-core:1.19   Confidence:HIGH
  • cpe: cpe:/a:restful_web_services_project:restful_web_services:1.19   Confidence:LOW   

jaxb-impl-2.2.3-1.jar

Description: JAXB (JSR 222) reference implementation

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\com\sun\xml\bind\jaxb-impl\2.2.3-1\jaxb-impl-2.2.3-1.jar
MD5: 1b689e7f87caf2615c0f6a47831d0342
SHA1: 56baae106392040a45a06d4a41099173425da1e6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.sun.xml.bind:jaxb-impl:2.2.3-1   Confidence:HIGH

paranamer-2.4.jar

File Path: D:\maven\repository\com\thoughtworks\paranamer\paranamer\2.4\paranamer-2.4.jar
MD5: 4bb9f5ba9cd794549665d35c754cf313
SHA1: af1cfb89b2d528fc083e1128cb1a6b67c755749c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.thoughtworks.paranamer:paranamer:2.4   Confidence:HIGH

xstream-1.4.5.jar

Description: XStream is a serialization library from Java objects to XML and back.

License:

http://xstream.codehaus.org/license.html
File Path: D:\maven\repository\com\thoughtworks\xstream\xstream\1.4.5\xstream-1.4.5.jar
MD5: 389be6fbb45761baa35e19603828084b
SHA1: 61c0a127b237182fdf2ccc9cc2efbb5779a64a3b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.thoughtworks.xstream:xstream:1.4.5   Confidence:HIGH
  • cpe: cpe:/a:xstream_project:xstream:1.4.5   Confidence:LOW   

CVE-2017-7957  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

Vulnerable Software & Versions:

CVE-2016-3674  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Vulnerable Software & Versions:

commons-beanutils-core-1.8.3.jar

File Path: D:\maven\repository\commons-beanutils\commons-beanutils-core\1.8.3\commons-beanutils-core-1.8.3.jar
MD5: 944f66e681239c8353e8497920f1e5d3
SHA1: 75812698e5e859f2cb587c622c4cdfcd61676426
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-beanutils:commons-beanutils-core:1.8.3   Confidence:HIGH
  • cpe: cpe:/a:apache:commons_beanutils:1.8.3   Confidence:LOW   

CVE-2014-0114  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

Vulnerable Software & Versions:

commons-beanutils-1.9.3.jar

Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-beanutils\commons-beanutils\1.9.3\commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-beanutils:commons-beanutils:1.9.3   Confidence:HIGH
  • cpe: cpe:/a:apache:commons_beanutils:1.9.3   Confidence:LOW   

commons-cli-1.2.jar

Description: Commons CLI provides a simple API for presenting, processing and validating a command line interface.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-cli\commons-cli\1.2\commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-cli:commons-cli:1.2   Confidence:HIGH

commons-codec-1.9.jar

Description: The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-codec\commons-codec\1.9\commons-codec-1.9.jar
MD5: 75615356605c8128013da9e3ac62a249
SHA1: 9ce04e34240f674bc72680f8b843b1457383161a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-codec:commons-codec:1.9   Confidence:HIGH

commons-collections-3.2.1.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar
MD5: 13bc641afd7fd95e09b260f69c1e4c91
SHA1: 761ea405b9b37ced573d2df0d1e3a4e0f9edc668
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2017-15708  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.

Vulnerable Software & Versions:

CVE-2015-6420  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Vulnerable Software & Versions:

commons-dbcp-1.4.jar

Description: Commons Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-dbcp\commons-dbcp\1.4\commons-dbcp-1.4.jar
MD5: b004158fab904f37f5831860898b3cd9
SHA1: 30be73c965cc990b153a100aaaaafcf239f82d39
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-dbcp:commons-dbcp:1.4   Confidence:HIGH

commons-digester-1.8.jar

Description: The Digester package lets you configure an XML->Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: D:\maven\repository\commons-digester\commons-digester\1.8\commons-digester-1.8.jar
MD5: cf89c593f0378e9509a06fce7030aeba
SHA1: dc6a73fdbd1fa3f0944e8497c6c872fa21dca37e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-digester:commons-digester:1.8   Confidence:HIGH

commons-fileupload-1.3.3.jar

Description: The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-fileupload\commons-fileupload\1.3.3\commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-fileupload:commons-fileupload:1.3.3   Confidence:HIGH
  • cpe: cpe:/a:apache:commons_fileupload:1.3.3   Confidence:LOW   

commons-httpclient-20020423.jar

File Path: D:\maven\repository\commons-httpclient\commons-httpclient\20020423\commons-httpclient-20020423.jar
MD5: 8e4e15958e9c9401b6d7d47ba4337274
SHA1: 12eedf03e564f55595e6c422b67a04bdcc494161
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-httpclient:commons-httpclient:20020423   Confidence:HIGH
  • cpe: cpe:/a:apache:commons-httpclient:-   Confidence:LOW   
  • cpe: cpe:/a:apache:httpclient:-   Confidence:LOW   

commons-io-2.4.jar

Description: The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-io\commons-io\2.4\commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-io:commons-io:2.4   Confidence:HIGH

commons-jxpath-1.3.jar

Description: A Java-based implementation of XPath 1.0 that, in addition to XML processing, can inspect/modify Java object graphs (the library's explicit purpose) and even mixed Java/XML structures.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-jxpath\commons-jxpath\1.3\commons-jxpath-1.3.jar
MD5: 61a9aa8ff43ba10853571d57f724bf88
SHA1: c22d7d0f0f40eb7059a23cfa61773a416768b137
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-jxpath:commons-jxpath:1.3   Confidence:HIGH

commons-lang-2.4.jar

Description: Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-lang\commons-lang\2.4\commons-lang-2.4.jar
MD5: 237a8e845441bad2e535c57d985c8204
SHA1: 16313e02a793435009f1e458fa4af5d879f6fb11
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-lang:commons-lang:2.4   Confidence:HIGH

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-logging:commons-logging:1.1.3   Confidence:HIGH

commons-math-1.2.jar

Description: The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\commons-math\commons-math\1.2\commons-math-1.2.jar
MD5: 5d3ce091a67e863549de4493e19df069
SHA1: 3955b41fe9f3c0469bd873331940674812d09bd2
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-math:commons-math:1.2   Confidence:HIGH

commons-net-1.4.1.jar

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: D:\maven\repository\commons-net\commons-net\1.4.1\commons-net-1.4.1.jar
MD5: 365c9a26e81b212de0553fbed10452cc
SHA1: abb932adb2c10790c1eaa4365d3ac2a1ac7cb700
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-net:commons-net:1.4.1   Confidence:HIGH

commons-pool-1.4.jar

Description: Commons Object Pooling Library

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: D:\maven\repository\commons-pool\commons-pool\1.4\commons-pool-1.4.jar
MD5: 005018c3d853a50cb5e4209ccd1c603c
SHA1: 1a667c9d419dc4f185c9f8ebb66495e78e104f68
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-pool:commons-pool:1.4   Confidence:HIGH

commons-vfs-1.0.jar

Description: VFS is a Virtual File System library.

License:

The Apache Software License, Version 2.0: /LICENSE.txt
File Path: D:\maven\repository\commons-vfs\commons-vfs\1.0\commons-vfs-1.0.jar
MD5: 073d271faeb51252b8726100b8bc25af
SHA1: 2478ad37c6c2c27e76a9582455c2f670b0e7a0d1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: commons-vfs:commons-vfs:1.0   Confidence:HIGH

concurrent-1.3.4.jar

License:

Public domain, Sun Microsystems: http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html
File Path: D:\maven\repository\concurrent\concurrent\1.3.4\concurrent-1.3.4.jar
MD5: f29b9d930d3426ebc56919eba10fbd4d
SHA1: 1cf394c2a388199db550cda311174a4c6a7d117c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: concurrent:concurrent:1.3.4   Confidence:HIGH

jbehave-junit-runner-1.2.0.jar

License:

MIT License: http://www.opensource.org/licenses/MIT
File Path: D:\maven\repository\de\codecentric\jbehave-junit-runner\1.2.0\jbehave-junit-runner-1.2.0.jar
MD5: 1e3e8d2aec273bcb9f8dda107c82552e
SHA1: 83c62e0d1153ab2b56aa646fd4e34bad9f909603
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: de.codecentric:jbehave-junit-runner:1.2.0   Confidence:HIGH

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: D:\maven\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2018-1000632  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Vulnerable Software & Versions:

eigenbase-properties-1.1.4.jar

Description: Type-safe access to Java system properties.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\eigenbase\eigenbase-properties\1.1.4\eigenbase-properties-1.1.4.jar
MD5: 6683b1255a5ffc50270a1a8ad86fdbc0
SHA1: 945753886102390cc7e7a3f730379265ec1c68e0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: eigenbase:eigenbase-properties:1.1.4   Confidence:HIGH

eigenbase-resgen-1.3.5.jar

Description: Generator of type-safe wrappers for Java resource files.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\eigenbase\eigenbase-resgen\1.3.5\eigenbase-resgen-1.3.5.jar
MD5: 0a647c32e15be2becc26210dc9f76485
SHA1: 354dd8ea66a747389af07798c27e9ee04bc59d98
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: eigenbase:eigenbase-resgen:1.3.5   Confidence:HIGH

eigenbase-xom-1.3.4.jar

Description: XML object model for Java.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\eigenbase\eigenbase-xom\1.3.4\eigenbase-xom-1.3.4.jar
MD5: 64d2ddffb3d902e8442ac7e258dd87a2
SHA1: 9fbc84f269d04fc0919d6c1e6cdbf0fd4587ad89
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: eigenbase:eigenbase-xom:1.3.4   Confidence:HIGH

hsqldb-1.8.0.10.jar

Description: Lightweight 100% Java SQL Database Engine

License:

HSQLDB License: http://hsqldb.org/web/hsqlLicense.html
File Path: D:\maven\repository\hsqldb\hsqldb\1.8.0.10\hsqldb-1.8.0.10.jar
MD5: 7df83e09e41d742cc5fb20d16b80729c
SHA1: 7e9978fdb754bce5fcd5161133e7734ecb683036
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: hsqldb:hsqldb:1.8.0.10   Confidence:HIGH

cucumber-core-1.2.2.jar

File Path: D:\maven\repository\info\cukes\cucumber-core\1.2.2\cucumber-core-1.2.2.jar
MD5: 9ace62243d13e65dfc9fa99b1745cd11
SHA1: c3b855da913bd04481708246cdf06c1ed5cb3c2d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: info.cukes:cucumber-core:1.2.2   Confidence:HIGH

cucumber-html-0.2.3.jar

Description: Cucumber-HTML is a cross-platform HTML formatter for all the Cucumber implementations.

License:

MIT License: http://www.opensource.org/licenses/mit-license
File Path: D:\maven\repository\info\cukes\cucumber-html\0.2.3\cucumber-html-0.2.3.jar
MD5: d46fd8733b8aa147f0e5bb37d2e1d5b8
SHA1: 624a0c986088e32910336dd77aee5191c04a8201
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: info.cukes:cucumber-html:0.2.3   Confidence:HIGH

cucumber-jvm-deps-1.0.3.jar

File Path: D:\maven\repository\info\cukes\cucumber-jvm-deps\1.0.3\cucumber-jvm-deps-1.0.3.jar
MD5: ea704dbb8932b59b4f1e0a7fe6119009
SHA1: cccdeff234db8b12e91ae2529812f1240b4d5603
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

gherkin-2.12.2.jar

Description: Pure Java Gherkin

License:

MIT License: http://www.opensource.org/licenses/mit-license
File Path: D:\maven\repository\info\cukes\gherkin\2.12.2\gherkin-2.12.2.jar
MD5: 4f9d2052404a4dd642714c345e389f64
SHA1: 017138631fa20fd0e44a13e50d6b7be59cee1a94
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: info.cukes:gherkin:2.12.2   Confidence:HIGH

java-client-2.1.0.jar

Description: Java client for Appium Mobile Webdriver

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\io\appium\java-client\2.1.0\java-client-2.1.0.jar
MD5: 971fc77821ba7b81393e88fe0143e403
SHA1: 4f196997275225055c6f36a297f0b596cd266e63
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: io.appium:java-client:2.1.0   Confidence:HIGH

netty-3.5.2.Final.jar

Description: The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket servers.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: D:\maven\repository\io\netty\netty\3.5.2.Final\netty-3.5.2.Final.jar
MD5: 2d75cefef03243943a3673d452b57f1f
SHA1: e6fb74a0699abe108969b2ec1f269391169a0426
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:netty_project:netty:3.5.2   Confidence:LOW   
  • maven: io.netty:netty:3.5.2.Final   Confidence:HIGH

CVE-2015-2156  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Vulnerable Software & Versions:

CVE-2014-3488  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

Vulnerable Software & Versions:

iText-4.2.0.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\iText\iText\4.2.0\iText-4.2.0.jar
MD5: b2c1f84b9960ba3cc336ef25a4fa3c65
SHA1: 2a4eeddf409b2f054bd66c796f680f01ca8ede62
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: iText:iText:4.2.0   Confidence:HIGH

javassist-3.12.1.GA.jar

Description: Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: D:\maven\repository\javassist\javassist\3.12.1.GA\javassist-3.12.1.GA.jar
MD5: 30d9d95456d43005da78d7281accccd1
SHA1: 526633327faa61aee448a519e8a4d53ec3057885
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javassist:javassist:3.12.1.GA   Confidence:HIGH

activation-1.1.jar

Description:  JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: D:\maven\repository\javax\activation\activation\1.1\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javax.activation:activation:1.1   Confidence:HIGH

javax.el-api-2.2.4.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: D:\maven\repository\javax\el\javax.el-api\2.2.4\javax.el-api-2.2.4.jar
MD5: 6cd0f67018526b8fd7d68f9ca010444e
SHA1: 1287562cc3f0ff5439ded6f2949e73ce1c0edaab
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2015-2808  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Software & Versions:

CVE-2013-2566  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Software & Versions:

javax.inject-1.jar

Description: The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\javax\inject\javax.inject\1\javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javax.inject:javax.inject:1   Confidence:HIGH

jcr-2.0.jar

Description:  The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283. This module contains the complete API as specified.

File Path: D:\maven\repository\javax\jcr\jcr\2.0\jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:content_project:content:2.0   Confidence:LOW   
  • maven: javax.jcr:jcr:2.0   Confidence:HIGH

CVE-2017-16111  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.

Vulnerable Software & Versions:

mail-1.4.7.jar

Description: JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\javax\mail\mail\1.4.7\mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:mail_project:mail:1.4.7   Confidence:LOW   
  • maven: javax.mail:mail:1.4.7   Confidence:HIGH

CVE-2015-9097  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

Vulnerable Software & Versions:

javax.servlet-api-3.1.0.jar

Description: Java(TM) Servlet 3.1 API Design Specification

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: D:\maven\repository\javax\servlet\javax.servlet-api\3.1.0\javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2015-2808  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Software & Versions:

CVE-2013-2566  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Software & Versions:

jstl-1.2.jar

File Path: D:\maven\repository\javax\servlet\jstl\1.2\jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javax.servlet:jstl:1.2   Confidence:HIGH

jta-1.1.jar

Description:  The javax.transaction package. It is appropriate for inclusion in a classpath, and may be added to a Java 2 installation.

File Path: D:\maven\repository\javax\transaction\jta\1.1\jta-1.1.jar
MD5: 82a10ce714f411b28f13850059de09ee
SHA1: 2ca09f0b36ca7d71b762e14ea2ff09d5eac57558
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javax.transaction:jta:1.1   Confidence:HIGH

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\javax\validation\validation-api\1.1.0.Final\validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2013-4499  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title.

Vulnerable Software & Versions:

jsr311-api-1.1.1.jar

License:

CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: D:\maven\repository\javax\ws\rs\jsr311-api\1.1.1\jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javax.ws.rs:jsr311-api:1.1.1   Confidence:HIGH

jaxb-api-2.2.2.jar

Description:  JAXB (JSR 222) API

License:

CDDL 1.1: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\javax\xml\bind\jaxb-api\2.2.2\jaxb-api-2.2.2.jar
MD5: a415e9a322984be1e1f8a023d09dca5f
SHA1: aeb3021ca93dde265796d82015beecdcff95bf09
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:fish:fish:2.2.2   Confidence:LOW   
  • cpe: cpe:/a:oracle:glassfish:2.2.2   Confidence:LOW   
  • maven: javax.xml.bind:jaxb-api:2.2.2   Confidence:HIGH

CVE-2015-2808  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Software & Versions:

CVE-2013-2566  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Software & Versions:

stax-api-1.0-2.jar

Description:  StAX is a standard XML processing API that allows you to stream XML data from and to your application.

License:

GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: D:\maven\repository\javax\xml\stream\stax-api\1.0-2\stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: javax.xml.stream:stax-api:1.0-2   Confidence:HIGH

joda-time-2.7.jar

Description: Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\joda-time\joda-time\2.7\joda-time-2.7.jar
MD5: 4f29e832878694d7096249c5c32f8fe9
SHA1: 5599707a3eaad13e889f691b3af78c8c03842195
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2014-5169  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

Vulnerable Software & Versions:

jug-lgpl-2.0.0.jar

File Path: D:\maven\repository\jug-lgpl\jug-lgpl\2.0.0\jug-lgpl-2.0.0.jar
MD5: 27e15d9c1de3614f5e7aee0fe891d470
SHA1: ea83645d04e1a31126b83e8ef0e372803d0356e1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: jug-lgpl:jug-lgpl:2.0.0   Confidence:HIGH

log4j-1.2.14.jar

Description: Log4j

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\log4j\log4j\1.2.14\log4j-1.2.14.jar
MD5: 599b8ba07d1d04f0ea34414e861d7ad1
SHA1: 03b254c872b95141751f414e353a25c2ac261b51
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:log4j:1.2.14   Confidence:LOW   
  • maven: log4j:log4j:1.2.14   Confidence:HIGH

mx4j-tools-3.0.1.jar

File Path: D:\maven\repository\mx4j\mx4j-tools\3.0.1\mx4j-tools-3.0.1.jar
MD5: 5f345ad6d9caf2d074df1c7dba35c6c6
SHA1: df853af9fe34d4eb6f849a1b5936fddfcbe67751
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: mx4j:mx4j-tools:3.0.1   Confidence:HIGH

mysql-connector-java-5.1.17.jar

Description: MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: D:\maven\repository\mysql\mysql-connector-java\5.1.17\mysql-connector-java-5.1.17.jar
MD5: f363ecce2d02ebf6224f8fd3925400d9
SHA1: 60d52df83d1cc6bcfcb4bf7da3d5b3b912e82d8b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:mysql:mysql:5.1.17   Confidence:HIGHEST   
  • cpe: cpe:/a:oracle:connector/j:5.1.17   Confidence:LOW   
  • cpe: cpe:/a:oracle:mysql:5.1.17   Confidence:LOW   
  • cpe: cpe:/a:oracle:mysql_connector/j:5.1.17   Confidence:LOW   
  • cpe: cpe:/a:oracle:mysql_connectors:5.1.17   Confidence:LOW   
  • maven: mysql:mysql-connector-java:5.1.17   Confidence:HIGH

CVE-2019-2539  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2536  

Severity: Low
CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2535  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2533  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

Vulnerable Software & Versions:

CVE-2019-2530  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2502  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2495  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2494  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2019-2436  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3286  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

CVE-2018-3279  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3258  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Software & Versions:

CVE-2018-3212  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3203  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3195  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3186  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3182  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3170  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3145  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3137  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3084  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).

Vulnerable Software & Versions:

CVE-2018-3082  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2018-3081  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3080  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3079  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3078  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3077  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3075  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3074  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3073  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3071  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3070  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3067  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3066  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).

Vulnerable Software & Versions:

CVE-2018-3065  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3064  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2018-3063  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3062  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3061  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-3060  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Vulnerable Software & Versions:

CVE-2018-3058  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

CVE-2018-3056  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2018-3054  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2018-2767  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2018-2759  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3650  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2017-3646  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3645  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3644  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3643  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3642  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3641  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3640  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3639  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3638  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3637  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3636  

Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Vulnerable Software & Versions:

CVE-2017-3634  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3633  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2017-3600  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Software & Versions:

CVE-2017-3599  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.

Vulnerable Software & Versions:

CVE-2017-3589  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

CVE-2017-3586  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

Vulnerable Software & Versions:

CVE-2017-3529  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3523  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Vulnerable Software & Versions:

CVE-2017-3468  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

CVE-2017-3467  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Software & Versions:

CVE-2017-3465  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

CVE-2017-3464  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Vulnerable Software & Versions:

CVE-2017-3463  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3462  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3461  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3460  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3459  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3458  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3457  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3456  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3455  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Vulnerable Software & Versions:

CVE-2017-3454  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Vulnerable Software & Versions:

CVE-2017-3453  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3452  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3450  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3329  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3320  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).

Vulnerable Software & Versions:

CVE-2017-3319  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).

Vulnerable Software & Versions:

CVE-2017-3318  

Severity: Low
CVSS Score: 1.0 (AV:L/AC:H/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).

Vulnerable Software & Versions:

CVE-2017-3317  

Severity: Low
CVSS Score: 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3313  

Severity: Low
CVSS Score: 1.5 (AV:L/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).

Vulnerable Software & Versions:

CVE-2017-3312  

Severity: Low
CVSS Score: 3.5 (AV:L/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-254 Security Features

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3309  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3308  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-3305  

Severity: Medium
CVSS Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle".

Vulnerable Software & Versions:

CVE-2017-3302  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

Vulnerable Software & Versions:

CVE-2017-3291  

Severity: Low
CVSS Score: 3.5 (AV:L/AC:H/Au:S/C:P/I:P/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3273  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3265  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3258  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3257  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-485 Insufficient Encapsulation

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3256  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3251  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3244  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3243  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-3238  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Software & Versions:

CVE-2017-10365  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).

Vulnerable Software & Versions:

CVE-2017-10320  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-10313  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-10311  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-10296  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-10284  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-10167  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2017-10165  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Software & Versions:

CVE-2016-8327  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).

Vulnerable Software & Versions:

CVE-2016-8318  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).

Vulnerable Software & Versions:

CVE-2016-8290  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633.

Vulnerable Software & Versions:

CVE-2016-8289  

Severity: Low
CVSS Score: 3.3 (AV:L/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.

Vulnerable Software & Versions:

CVE-2016-8288  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.

Vulnerable Software & Versions:

CVE-2016-8287  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

Vulnerable Software & Versions:

CVE-2016-8286  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.

Vulnerable Software & Versions:

CVE-2016-8284  

Severity: Low
CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.

Vulnerable Software & Versions:

CVE-2016-5635  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.

Vulnerable Software & Versions:

CVE-2016-5634  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.

Vulnerable Software & Versions:

CVE-2016-5633  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.

Vulnerable Software & Versions:

CVE-2016-5632  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

Vulnerable Software & Versions:

CVE-2016-5631  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.

Vulnerable Software & Versions:

CVE-2016-5628  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

Vulnerable Software & Versions:

CVE-2016-5625  

Severity: Medium
CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

Vulnerable Software & Versions:

CVE-2016-5624  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2016-5443  

Severity: Low
CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.

Vulnerable Software & Versions:

CVE-2016-5442  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.

Vulnerable Software & Versions:

CVE-2016-5441  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

Vulnerable Software & Versions:

CVE-2016-5437  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

Vulnerable Software & Versions:

CVE-2016-5436  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

Vulnerable Software & Versions:

CVE-2016-3588  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.

Vulnerable Software & Versions:

CVE-2016-3518  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Vulnerable Software & Versions:

CVE-2016-3495  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

Vulnerable Software & Versions:

CVE-2016-3440  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Vulnerable Software & Versions:

CVE-2016-3424  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

Vulnerable Software & Versions:

CVE-2016-0667  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.

Vulnerable Software & Versions:

CVE-2016-0663  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.

Vulnerable Software & Versions:

CVE-2016-0662  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition.

Vulnerable Software & Versions:

CVE-2016-0659  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2016-0658  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2016-0657  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON.

Vulnerable Software & Versions:

CVE-2016-0656  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654.

Vulnerable Software & Versions:

CVE-2016-0654  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656.

Vulnerable Software & Versions:

CVE-2016-0653  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS.

Vulnerable Software & Versions:

CVE-2016-0652  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2016-0651  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2016-0616  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2016-0611  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2016-0610  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2016-0607  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

Vulnerable Software & Versions:

CVE-2016-0595  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2016-0594  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2016-0504  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

Vulnerable Software & Versions:

CVE-2016-0503  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.

Vulnerable Software & Versions:

CVE-2015-4910  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

Vulnerable Software & Versions:

CVE-2015-4905  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.

Vulnerable Software & Versions:

CVE-2015-4904  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.

Vulnerable Software & Versions:

CVE-2015-4895  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Vulnerable Software & Versions:

CVE-2015-4890  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.

Vulnerable Software & Versions:

CVE-2015-4866  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Vulnerable Software & Versions:

CVE-2015-4862  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2015-4833  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

Vulnerable Software & Versions:

CVE-2015-4819  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

Vulnerable Software & Versions:

CVE-2015-4816  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Vulnerable Software & Versions:

CVE-2015-4800  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Vulnerable Software & Versions:

CVE-2015-4791  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

Vulnerable Software & Versions:

CVE-2015-4772  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

Vulnerable Software & Versions:

CVE-2015-4771  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.

Vulnerable Software & Versions:

CVE-2015-4769  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.

Vulnerable Software & Versions:

CVE-2015-4767  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.

Vulnerable Software & Versions:

CVE-2015-4766  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.

Vulnerable Software & Versions:

CVE-2015-4761  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

Vulnerable Software & Versions:

CVE-2015-4756  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.

Vulnerable Software & Versions:

CVE-2015-4730  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.

Vulnerable Software & Versions:

CVE-2015-3152  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

Vulnerable Software & Versions:
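The BACKRONYM entry above is the one item in this list that describes a mechanism rather than an unspecified crash: a client option that only makes TLS optional lets an on-path attacker answer the handshake in cleartext and the client carries on. The practical check is therefore not the server version but the client configuration: is TLS required, and is the server certificate verified? The audit below classifies MySQL JDBC URLs on exactly that question. It is an added example, not code from this report, from Oracle or from the scanned project; it assumes the client is configured through Connector/J-style URL properties (useSSL, requireSSL and verifyServerCertificate, or sslMode in Connector/J 8), and the URLs in SAMPLE_URLS are constructed for illustration.

```python
"""Audit MySQL JDBC URLs for the TLS-optional condition behind CVE-2015-3152.
Added example, not code from this report or from MySQL; it assumes the client
is configured through Connector/J-style URL properties (useSSL / requireSSL /
verifyServerCertificate, or sslMode in Connector/J 8).  SAMPLE_URLS are
constructed for illustration."""
from urllib.parse import parse_qs, urlsplit

def url_properties(jdbc_url: str) -> dict:
    """Return the ?key=value properties of a jdbc:mysql:// URL, keys lower-cased."""
    url = jdbc_url[len("jdbc:"):] if jdbc_url.startswith("jdbc:") else jdbc_url
    query = urlsplit(url).query
    return {k.lower(): v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}

def tls_posture(jdbc_url: str) -> str:
    """'downgradeable'       : TLS off or merely preferred, strippable on-path
       'encrypted-unverified': TLS required but the server's identity not checked
       'verified'            : TLS required and the server certificate verified"""
    p = url_properties(jdbc_url)
    is_true = lambda key: p.get(key, "false").strip().lower() == "true"
    mode = p.get("sslmode", "").strip().upper()
    if mode:  # Connector/J 8 property wins when present
        # VERIFY_CA checks the chain, VERIFY_IDENTITY additionally the hostname
        if mode in ("VERIFY_CA", "VERIFY_IDENTITY"):
            return "verified"
        return "encrypted-unverified" if mode == "REQUIRED" else "downgradeable"
    # legacy properties: useSSL on its own is exactly the '--ssl means optional' case
    if not (is_true("usessl") and is_true("requiressl")):
        return "downgradeable"
    return "verified" if is_true("verifyservercertificate") else "encrypted-unverified"

# constructed samples: the same host with five ways of asking for TLS
SAMPLE_URLS = {
    "ssl_optional":   "jdbc:mysql://db.example.internal:3306/app?useSSL=true",
    "ssl_required":   "jdbc:mysql://db.example.internal:3306/app?useSSL=true&requireSSL=true",
    "ssl_verified":   "jdbc:mysql://db.example.internal:3306/app?useSSL=true&requireSSL=true&verifyServerCertificate=true",
    "mode_preferred": "jdbc:mysql://db.example.internal:3306/app?sslMode=PREFERRED",
    "mode_verify":    "jdbc:mysql://db.example.internal:3306/app?sslMode=VERIFY_IDENTITY",
}

def audit(urls: dict = SAMPLE_URLS) -> dict:
    """Map each URL name to its posture; anything other than 'verified' is a finding."""
    return {name: tls_posture(url) for name, url in urls.items()}

if __name__ == "__main__":
    for name, posture in audit().items():
        print(f"{name:15s} {posture}")
```

Only the "ssl_verified" and "mode_verify" samples pass; "useSSL=true" alone, which looks encrypted at a glance, is classified as downgradeable because nothing forces the handshake. The same reasoning applies to the command-line client: an explicit required mode rather than a bare --ssl flag. Confirm the result at runtime, not just in configuration, by checking the session's Ssl_cipher status on a live connection.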

CVE-2015-2661  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.

Vulnerable Software & Versions:

CVE-2015-2641  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

Vulnerable Software & Versions:

CVE-2015-2639  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.

Vulnerable Software & Versions:

CVE-2015-2617  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.

Vulnerable Software & Versions:

CVE-2015-2611  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2015-2582  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Vulnerable Software & Versions:

CVE-2015-2575  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

Vulnerable Software & Versions:

CVE-2015-2567  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

Vulnerable Software & Versions:

CVE-2015-2566  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2015-0511  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

Vulnerable Software & Versions:

CVE-2015-0508  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.

Vulnerable Software & Versions:

CVE-2015-0507  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

Vulnerable Software & Versions:

CVE-2015-0506  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.

Vulnerable Software & Versions:

CVE-2015-0503  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

Vulnerable Software & Versions:

CVE-2015-0500  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2015-0498  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

Vulnerable Software & Versions:

CVE-2015-0439  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.

Vulnerable Software & Versions:

CVE-2015-0438  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

Vulnerable Software & Versions:

CVE-2015-0432  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

Vulnerable Software & Versions:

CVE-2015-0423  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2015-0409  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2015-0405  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.

Vulnerable Software & Versions:

CVE-2015-0385  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.

Vulnerable Software & Versions:

CVE-2014-6564  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.

Vulnerable Software & Versions:

CVE-2014-6520  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.

Vulnerable Software & Versions:

CVE-2014-6489  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.

Vulnerable Software & Versions:

CVE-2014-6474  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.

Vulnerable Software & Versions:

CVE-2014-4260  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

Vulnerable Software & Versions:

CVE-2014-4258  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

Vulnerable Software & Versions:

CVE-2014-4243  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.

Vulnerable Software & Versions:

CVE-2014-4240  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.

Vulnerable Software & Versions:

CVE-2014-4238  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

Vulnerable Software & Versions:

CVE-2014-4233  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.

Vulnerable Software & Versions:

CVE-2014-4214  

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.

Vulnerable Software & Versions:

CVE-2014-4207  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

Vulnerable Software & Versions:

CVE-2014-2494  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

Vulnerable Software & Versions:

CVE-2014-2484  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.

Vulnerable Software & Versions:

CVE-2014-2451  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.

Vulnerable Software & Versions:

CVE-2014-2450  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Vulnerable Software & Versions:

CVE-2014-2444  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2014-2442  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.

Vulnerable Software & Versions:

CVE-2014-2438  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

Vulnerable Software & Versions:

CVE-2014-2436  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.

Vulnerable Software & Versions:

CVE-2014-2435  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2014-2434  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Vulnerable Software & Versions:

CVE-2014-2432  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.

Vulnerable Software & Versions:

CVE-2014-2431  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

CVE-2014-2430  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

CVE-2014-2419  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVE-2014-0437  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2014-0433  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.

CVE-2014-0431  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.

CVE-2014-0430  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

CVE-2014-0427  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.

CVE-2014-0420  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

CVE-2014-0412  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2014-0402  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

CVE-2014-0401  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVE-2014-0393  

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

CVE-2014-0386  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2014-0384  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.

CVE-2013-5908  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

CVE-2013-5894  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-5891  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVE-2013-5882  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.

CVE-2013-5881  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.

CVE-2013-5860  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVE-2013-5793  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786.

CVE-2013-5786  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793.

CVE-2013-5770  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

CVE-2013-5767  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2013-3839  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2013-3812  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVE-2013-3811  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.

CVE-2013-3810  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.

CVE-2013-3809  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.

CVE-2013-3808  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CVE-2013-3807  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.

CVE-2013-3806  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.

CVE-2013-3805  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.

CVE-2013-3804  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-3802  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

CVE-2013-3801  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CVE-2013-3798  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.

CVE-2013-3796  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-3795  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

CVE-2013-3794  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVE-2013-3793  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

CVE-2013-3783  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.

CVE-2013-2395  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.

CVE-2013-2392  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-2391  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

CVE-2013-2389  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-2381  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.

CVE-2013-2378  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVE-2013-2376  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

CVE-2013-2375  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2013-1570  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.

CVE-2013-1567  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.

CVE-2013-1566  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-1555  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVE-2013-1552  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2013-1548  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

CVE-2013-1532  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVE-2013-1531  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

CVE-2013-1526  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVE-2013-1523  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.

CVE-2013-1521  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

CVE-2013-1512  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

CVE-2013-1511  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-1506  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

CVE-2013-1502  

Severity: Low
CVSS Score: 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.

CVE-2013-1492  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

CVE-2013-0389  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-0386  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

CVE-2013-0385  

Severity: Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2013-0384  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVE-2013-0383  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2013-0371  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

CVE-2013-0368  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-0367  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CVE-2012-5096  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.

CVE-2012-5060  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVE-2012-4414  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

CVE-2012-3197  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVE-2012-3180  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-3177  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.

CVE-2012-3173  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

CVE-2012-3166  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2012-3163  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVE-2012-3160  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

CVE-2012-3158  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

CVE-2012-3156  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.

CVE-2012-3150  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-3149  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.

CVE-2012-3147  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.

CVE-2012-3144  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.

CVE-2012-2749  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

CVE-2012-2102  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

Vulnerable Software & Versions:

CVE-2012-1757  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2012-1756  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-1735  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1734  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1705  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1703  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

Vulnerable Software & Versions:

CVE-2012-1702  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-1697  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

Vulnerable Software & Versions:

CVE-2012-1696  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1690  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

Vulnerable Software & Versions:

CVE-2012-1689  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1688  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

Vulnerable Software & Versions:

CVE-2012-0882  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Software & Versions:

CVE-2012-0583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

Vulnerable Software & Versions:

CVE-2012-0578  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-0574  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0572  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2012-0553  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

Vulnerable Software & Versions:

CVE-2012-0540  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions:

CVE-2012-0492  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

Vulnerable Software & Versions:

CVE-2012-0490  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0485  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0484  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0120  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0119  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0118  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

Vulnerable Software & Versions:

CVE-2012-0116  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0115  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0114  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0113  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

Vulnerable Software & Versions:

CVE-2012-0112  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0102  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

Vulnerable Software & Versions:

CVE-2012-0101  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

Vulnerable Software & Versions:

CVE-2012-0087  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

Vulnerable Software & Versions:

CVE-2012-0075  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2011-2262  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2010-3840  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Vulnerable Software & Versions:

CVE-2010-3839  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

Vulnerable Software & Versions:

CVE-2010-3838  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Vulnerable Software & Versions:

CVE-2010-3837  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

Vulnerable Software & Versions:

CVE-2010-3836  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

Vulnerable Software & Versions:

CVE-2010-3835  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Vulnerable Software & Versions:

CVE-2010-3834  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

Vulnerable Software & Versions:

CVE-2010-3833  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Vulnerable Software & Versions:

CVE-2010-3683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

Vulnerable Software & Versions:

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions:

CVE-2010-3681  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2010-3680  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2010-3679  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

Vulnerable Software & Versions:

CVE-2010-3678  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Vulnerable Software & Versions:

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions:

CVE-2010-3676  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Vulnerable Software & Versions:

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions:

CVE-2010-1850  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Vulnerable Software & Versions:

CVE-2010-1849  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Vulnerable Software & Versions:

CVE-2010-1848  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Vulnerable Software & Versions:

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions:

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2009-5026  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Vulnerable Software & Versions:

CVE-2009-4030  

Severity: Medium
CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

Vulnerable Software & Versions:

CVE-2009-4028  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Vulnerable Software & Versions:

CVE-2009-4019  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Vulnerable Software & Versions:

CVE-2009-0819  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2008-7247  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Vulnerable Software & Versions:

CVE-2008-3963  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-134 Uncontrolled Format String

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Vulnerable Software & Versions:

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions:

CVE-2008-0226  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Software & Versions:

CVE-2007-6304  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

Vulnerable Software & Versions:

CVE-2007-6303  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

Vulnerable Software & Versions:

CVE-2007-5970  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Vulnerable Software & Versions:

CVE-2007-5925  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Vulnerable Software & Versions:

CVE-2007-2693  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.

Vulnerable Software & Versions:

CVE-2007-2692  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Vulnerable Software & Versions:

CVE-2007-2691  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

Vulnerable Software & Versions:

CVE-2007-2583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Vulnerable Software & Versions:

jna-platform-4.1.0.jar

Description: Java Native Access Platform

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: D:\maven\repository\net\java\dev\jna\jna-platform\4.1.0\jna-platform-4.1.0.jar
MD5: 533e404eda70bbf8e40de134ffeec95b
SHA1: 23457ad1cf75c2c16763330de5565a0e67b4bc0a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.java.dev.jna:jna-platform:4.1.0   Confidence:HIGH

jna-4.1.0.jar

Description: Java Native Access

License:

LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: D:\maven\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar
MD5: b0e08c9936dc52aa40439c71fcad6297
SHA1: 1c12d070e602efd8021891cdd7fd18bc129372d4
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.java.dev.jna:jna:4.1.0   Confidence:HIGH

jna-4.1.0.jar: jnidispatch.dll

File Path: D:\maven\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: D:\maven\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\win32-x86-64\jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jna-4.1.0.jar: jnidispatch.dll

File Path: D:\maven\repository\net\java\dev\jna\jna\4.1.0\jna-4.1.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 05a72ada9247aeb114a9ef01a394b6c4
SHA1: 8b32cc82740fc62afdf5ea211f1ca8bb72269bbf
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jcip-annotations-1.0.jar

File Path: D:\maven\repository\net\jcip\jcip-annotations\1.0\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.jcip:jcip-annotations:1.0   Confidence:HIGH

serenity-core-1.0.58.jar

Description: Serenity core libraries

License:

The Apache Software License, Version 2.0: http://www.apache.org/license/LICENSE-2.0.txt
File Path: D:\maven\repository\net\serenity-bdd\serenity-core\1.0.58\serenity-core-1.0.58.jar
MD5: 19a5854acc7a650d5645b81ac5d2091f
SHA1: c6fb654b6be995c4ae116b75c789b1b5c68c468d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.serenity-bdd:serenity-core:1.0.58   Confidence:HIGH

serenity-jbehave-1.0.23.jar

Description: Serenity JBehave integration

License:

The Apache Software License, Version 2.0: http://www.apache.org/license/LICENSE-2.0.txt
File Path: D:\maven\repository\net\serenity-bdd\serenity-jbehave\1.0.23\serenity-jbehave-1.0.23.jar
MD5: 051897b25c1a4272487ba4f22c4d7b6b
SHA1: 2d2f0395f1830e0241468906acec638a5490652f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.serenity-bdd:serenity-jbehave:1.0.23   Confidence:HIGH

serenity-report-resources-1.0.58.jar

Description: Serenity Report templates

License:

The Apache Software License, Version 2.0: http://www.apache.org/license/LICENSE-2.0.txt
File Path: D:\maven\repository\net\serenity-bdd\serenity-report-resources\1.0.58\serenity-report-resources-1.0.58.jar
MD5: 3354bd584483be4aa4f64d6d4c7e6b31
SHA1: 8b7e69470b2d060dc799abf1677b618c99c86ff6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.serenity-bdd:serenity-report-resources:1.0.58   Confidence:HIGH

ehcache-core-2.5.1.jar

Description: This is the ehcache core module. Pair it with other modules for added functionality.

License:

The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: D:\maven\repository\net\sf\ehcache\ehcache-core\2.5.1\ehcache-core-2.5.1.jar
MD5: 143cfff4c10373af9e422eb9fe4ec561
SHA1: 574be2dda111c3c05d4684e279e9e973fbdc4967
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sf.ehcache:ehcache-core:2.5.1   Confidence:HIGH

ehcache-core-2.5.1.jar: sizeof-agent.jar

File Path: D:\maven\repository\net\sf\ehcache\ehcache-core\2.5.1\ehcache-core-2.5.1.jar\net\sf\ehcache\pool\sizeof\sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sf.ehcache:sizeof-agent:1.0.1   Confidence:HIGH

opencsv-2.0.jar

Description: A simple library for CSV reading and writing in Java

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\net\sf\opencsv\opencsv\2.0\opencsv-2.0.jar
MD5: 2524a73bcfd45a54b97a37b98289fc8b
SHA1: 97a2765dc2db1083e7c5afcc210db5f7cad3b442
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sf.opencsv:opencsv:2.0   Confidence:HIGH

scannotation-1.0.2.jar

Description: Scannotation is a Java library that creates an annotation database from a set of .class files

License:

Apache License V2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\net\sf\scannotation\scannotation\1.0.2\scannotation-1.0.2.jar
MD5: 13564ed27308309e8ec54c25f488d865
SHA1: e2b4559236410970da0494ca2a24991ccb53fca7
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.scannotation:scannotation:1.0.2   Confidence:HIGH

cssparser-0.9.16.jar

Description: A CSS parser which implements SAC (the Simple API for CSS).

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.txt
File Path: D:\maven\repository\net\sourceforge\cssparser\cssparser\0.9.16\cssparser-0.9.16.jar
MD5: af14f5c8070a33b588cc7e2c2986bc38
SHA1: 3f751904d467537b8ee99c612e69d4e79d6271cf
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sourceforge.cssparser:cssparser:0.9.16   Confidence:HIGH

htmlcleaner-2.10.jar

Description: HtmlCleaner is an HTML parser written in Java. It transforms dirty HTML to well-formed XML following the same rules that most web browsers use.

License:

BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: D:\maven\repository\net\sourceforge\htmlcleaner\htmlcleaner\2.10\htmlcleaner-2.10.jar
MD5: 016d319171dd5a535ddb8746dfcdeed5
SHA1: 70d073025a51703ba8f41db3d4e6af5dd0f1ed47
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:htmlcleaner_project:htmlcleaner:2.10   Confidence:LOW   
  • maven: net.sourceforge.htmlcleaner:htmlcleaner:2.10   Confidence:HIGH

htmlunit-core-js-2.17.jar

Description: HtmlUnit adaptation of the Mozilla Rhino JavaScript engine for Java. Changes are documented by a diff (rhinoDiff.txt) contained in the generated jar files.

License:

Mozilla Public License version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: D:\maven\repository\net\sourceforge\htmlunit\htmlunit-core-js\2.17\htmlunit-core-js-2.17.jar
MD5: c647e20db0da7ec16b7738c13c652084
SHA1: 4316d68f449d42f69faf4ee255aa31b03e4f7dd5
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sourceforge.htmlunit:htmlunit-core-js:2.17   Confidence:HIGH

htmlunit-2.17.jar

Description: A headless browser intended for use in testing web-based applications.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\net\sourceforge\htmlunit\htmlunit\2.17\htmlunit-2.17.jar
MD5: 1cd6158aa3d12bc10af4fe4686358422
SHA1: 162c371a2ab148d1734acf27abf31b5255b332b8
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sourceforge.htmlunit:htmlunit:2.17   Confidence:HIGH

jxl-2.6.12.jar

Description: JExcelApi is a java library which provides the ability to read, write, and modify Microsoft Excel spreadsheets.

License:

GNU Lesser General Public License: http://www.opensource.org/licenses/lgpl-license.php
File Path: D:\maven\repository\net\sourceforge\jexcelapi\jxl\2.6.12\jxl-2.6.12.jar
MD5: 62f8a643ebd1ffcf891b51778dc37565
SHA1: 7faf62e0697f7a88954622dfe8c8de33ed142ac7
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sourceforge.jexcelapi:jxl:2.6.12   Confidence:HIGH

nekohtml-1.9.15.jar

Description: An HTML parser and tag balancer.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\net\sourceforge\nekohtml\nekohtml\1.9.15\nekohtml-1.9.15.jar
MD5: 7e4445be1da5a905b29ce1eca7fbf131
SHA1: a45cd7b7401d9c2264d4908182380452c03ebf8f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: net.sourceforge.nekohtml:nekohtml:1.9.15   Confidence:HIGH

ognl-2.6.9.jar

Description: OGNL stands for Object-Graph Navigation Language; it is an expression language for getting and setting properties of Java objects.

License:

BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: D:\maven\repository\ognl\ognl\2.6.9\ognl-2.6.9.jar
MD5: fb4d30eab3ed221ada77479685d608c2
SHA1: fad9692184899994e977b647998f9fa4a9cfec35
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:ognl_project:ognl:2.6.9   Confidence:LOW   
  • maven: ognl:ognl:2.6.9   Confidence:HIGH

CVE-2016-3093  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

Vulnerable Software & Versions:

antlr-complete-3.5.2.jar

File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar
MD5: acfa69f928a0f1653555bda73091efca
SHA1: 7abf224f627594a3f4ae37fcfff296730f3f4edd
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

ant-launcher-1.7.1.jar

File Path: D:\maven\repository\org\apache\ant\ant-launcher\1.7.1\ant-launcher-1.7.1.jar
MD5: b3a74162cefb389f8d3ee3f1324fb533
SHA1: a9cbbcefbbb5e7f97596045268243a8c1c7aafca
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.ant:ant-launcher:1.7.1   Confidence:HIGH

ant-1.7.1.jar

Description: Apache Ant

File Path: D:\maven\repository\org\apache\ant\ant\1.7.1\ant-1.7.1.jar
MD5: ef62988c744551fb51f330eaa311bfc0
SHA1: 1d33711018e7649a8427fff62a87f94f4e7d310f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.ant:ant:1.7.1   Confidence:HIGH

axis2-kernel-1.5.jar

Description: Core parts of Axis 2.0. This includes the Axis 2.0 engine, Client API, Addressing support, etc.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\axis2\axis2-kernel\1.5\axis2-kernel-1.5.jar
MD5: 8e152fea57a847596e6fd073b5b7303b
SHA1: a7e5a4a7b63c0fe95dc864c13fdd14009f443686
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:axis2:1.5   Confidence:HIGHEST   
  • maven: org.apache.axis2:axis2-kernel:1.5   Confidence:HIGH

CVE-2012-5785  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Software & Versions:

CVE-2012-5351  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Vulnerable Software & Versions:

CVE-2012-4418  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Software & Versions:

CVE-2010-1632  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Vulnerable Software & Versions:

CVE-2010-0219  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-255 Credentials Management

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Vulnerable Software & Versions:

commons-collections4-4.1.jar

Description: The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\commons\commons-collections4\4.1\commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:commons_collections:4.1   Confidence:LOW   
  • maven: org.apache.commons:commons-collections4:4.1   Confidence:HIGH

commons-compress-1.4.1.jar

Description: Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, xz and ar, cpio, jar, tar, zip, dump.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\commons\commons-compress\1.4.1\commons-compress-1.4.1.jar
MD5: 7f7ff9255a831325f38a170992b70073
SHA1: b02e84a993d88568417536240e970c4b809126fd
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:commons-compress:1.4.1   Confidence:LOW   
  • maven: org.apache.commons:commons-compress:1.4.1   Confidence:HIGH

commons-exec-1.3.jar

Description: Apache Commons Exec is a library to reliably execute external processes from within the JVM.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\commons\commons-exec\1.3\commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.commons:commons-exec:1.3   Confidence:HIGH

commons-lang3-3.3.2.jar

Description: Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\commons\commons-lang3\3.3.2\commons-lang3-3.3.2.jar
MD5: 3128bf75a2549ebe38663401191bacab
SHA1: 90a3822c38ec8c996e84c16a3477ef632cbc87a3
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.commons:commons-lang3:3.3.2   Confidence:HIGH

commons-vfs2-2.1-20150824.jar

Description: Apache Commons VFS is a Virtual File System library.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\commons\commons-vfs2\2.1-20150824\commons-vfs2-2.1-20150824.jar
MD5: 39b36129bc1cf372cc357b1867526bc5
SHA1: ef78e5bd68eccc4823607705896dea5199a45726
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.commons:commons-vfs2:2.1-SNAPSHOT   Confidence:HIGH

derby-10.5.3.0_1.jar

Description: Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.

File Path: D:\maven\repository\org\apache\derby\derby\10.5.3.0_1\derby-10.5.3.0_1.jar
MD5: 62528ed70e599cbd624f08e6ccb5d90f
SHA1: 0b0146dd76c2601a5a0632dd2e0b3b85e5b1b713
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:derby:10.5.3.0.1   Confidence:LOW   
  • maven: org.apache.derby:derby:10.5.3.0_1   Confidence:HIGH

org.osgi.core-1.0.0.jar

Description: OSGi Service Platform Release 4 Core Interfaces and Classes.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\felix\org.osgi.core\1.0.0\org.osgi.core-1.0.0.jar
MD5: 2ea74604c9ab15a51e469fdc17758bd1
SHA1: 8a73e8fe4cf05c6b2565f89695ac2d676d76202f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.felix:org.osgi.core:1.0.0   Confidence:HIGH

httpclient-4.5.5.jar

Description: Apache HttpComponents Client

File Path: D:\maven\repository\org\apache\httpcomponents\httpclient\4.5.5\httpclient-4.5.5.jar
MD5: 97e7e5b135476b7d25a5ab31e1ea4922
SHA1: 1603dfd56ebcd583ccdf337b6c3984ac55d89e58
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:httpclient:4.5.5   Confidence:LOW   
  • maven: org.apache.httpcomponents:httpclient:4.5.5   Confidence:HIGH

httpcore-4.3-alpha1.jar

Description: HttpComponents Core (blocking I/O)

File Path: D:\maven\repository\org\apache\httpcomponents\httpcore\4.3-alpha1\httpcore-4.3-alpha1.jar
MD5: 3ec9ed2f677f49db2b1a806586c443d5
SHA1: 21a828e4848b9cf8fdf722841f09488f4f699873
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.httpcomponents:httpcore:4.3-alpha1   Confidence:HIGH

httpmime-4.4.1.jar

Description: Apache HttpComponents HttpClient - MIME coded entities

File Path: D:\maven\repository\org\apache\httpcomponents\httpmime\4.4.1\httpmime-4.4.1.jar
MD5: 678b75d71032e823480a41123b6b3ce2
SHA1: 2f8757f5ac5e38f46c794e5229d1f3c522e9b1df
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:httpclient:4.4.1   Confidence:LOW   
  • maven: org.apache.httpcomponents:httpmime:4.4.1   Confidence:HIGH

jackrabbit-core-2.16.1.jar

Description: Jackrabbit content repository implementation

File Path: D:\maven\repository\org\apache\jackrabbit\jackrabbit-core\2.16.1\jackrabbit-core-2.16.1.jar
MD5: b7e5c741d48dd4ba02aea2bfffff519c
SHA1: c9926e85ec098e6fcf5fcd92706092ef8223512b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:jackrabbit:2.16.1   Confidence:LOW   
  • maven: org.apache.jackrabbit:jackrabbit-core:2.16.1   Confidence:HIGH

jackrabbit-data-2.10.0.jar

Description: Jackrabbit DataStore Implementations

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\jackrabbit\jackrabbit-data\2.10.0\jackrabbit-data-2.10.0.jar
MD5: 68cfe00bb92a0cfaef5ae64d42a1207a
SHA1: 7fab6c4f08eff1d111651538a82e950db950eda9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2016-6801  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.

Vulnerable Software & Versions:

CVE-2015-1833  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Vulnerable Software & Versions:

org.apache.karaf.main-3.0.3.jar

Description: This bundle is the main Karaf launcher. It is responsible for Karaf startup, including bootstrapping the console, branding, etc.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\karaf\org.apache.karaf.main\3.0.3\org.apache.karaf.main-3.0.3.jar
MD5: e5dbf248a2567a233d6453f709362daf
SHA1: 13ca5b4234a8d8b8d54fc0676ab234ef4653d9da
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:karaf:3.0.3   Confidence:HIGHEST   
  • maven: org.apache.karaf:org.apache.karaf.main:3.0.3   Confidence:HIGH

CVE-2018-11788  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. Apache Karaf's XMLInputFactory class doesn't contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases.

Vulnerable Software & Versions:

CVE-2018-11787  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-287 Improper Authentication

In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser; when navigated to, it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. An optional bundle that some applications use is the Pax Web Extender Whiteboard; it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL, .../gogo/, and that URL is not secured, giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall the Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised.

Vulnerable Software & Versions:

CVE-2018-11786  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-284 Improper Access Control

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user.

Vulnerable Software & Versions:

CVE-2016-8750  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

Vulnerable Software & Versions:

CVE-2014-0219  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.

Vulnerable Software & Versions:

lucene-core-3.6.0.jar

Description: Apache Lucene Java Core

File Path: D:\maven\repository\org\apache\lucene\lucene-core\3.6.0\lucene-core-3.6.0.jar
MD5: 183a82e9c391a1d2174f2cd327bdef1f
SHA1: 8a0429de6b7c9918841fa2c441a6ef4cc07f2a18
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.lucene:lucene-core:3.6.0   Confidence:HIGH

fontbox-2.0.4.jar

Description: The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\pdfbox\fontbox\2.0.4\fontbox-2.0.4.jar
MD5: 66df9c47ba35f3c6803758d671cf1bd9
SHA1: 8acfda1f8ff231094fbc2c9534ce2523a84b84ae
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:font_project:font:2.0.4   Confidence:LOW   
  • maven: org.apache.pdfbox:fontbox:2.0.4   Confidence:HIGH

CVE-2015-7683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.

Vulnerable Software & Versions:

pdfbox-app-2.0.0.jar

Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\pdfbox\pdfbox-app\2.0.0\pdfbox-app-2.0.0.jar
MD5: a8eb43928182b6aac12cbee46f99fd99
SHA1: aacb85be8c89d7d4d713b25d9fa000d524ea3dbc
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:pdfbox:2.0.0   Confidence:HIGHEST   
  • maven: org.apache.pdfbox:pdfbox-app:2.0.0   Confidence:HIGH

CVE-2018-11797  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

Vulnerable Software & Versions:

CVE-2016-2175  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

Vulnerable Software & Versions:

poi-scratchpad-3.15.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\poi\poi-scratchpad\3.15\poi-scratchpad-3.15.jar
MD5: 2d4981fb803c2ea56cab31e6bb604a8e
SHA1: f1db76ae4a9389fa4339dc3b7f8208aa82c72b04
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:poi:3.15   Confidence:LOW   
  • maven: org.apache.poi:poi-scratchpad:3.15   Confidence:HIGH

poi-3.17.jar

Description: Apache POI - Java API To Access Microsoft Format Files

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\poi\poi\3.17\poi-3.17.jar
MD5: 243bc3d431e4fadb79738719504c64f7
SHA1: 0ae92292a2043888b40d418da97dc0b669fde326
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:poi:3.17   Confidence:LOW   
  • maven: org.apache.poi:poi:3.17   Confidence:HIGH

xmlsec-1.4.4.jar

Description: Apache Santuario supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the Java library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\santuario\xmlsec\1.4.4\xmlsec-1.4.4.jar
MD5: 505b1d00c0ff365e49e447ca419b938d
SHA1: 51540a219dd15cf8847df13d7d57e67cc0ba6e66
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:xmlsec_project:xmlsec:1.4.4   Confidence:LOW   
  • maven: org.apache.santuario:xmlsec:1.4.4   Confidence:HIGH

tika-core-1.17.jar

Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\tika\tika-core\1.17\tika-core-1.17.jar
MD5: dc1ba32dd6647a99822cf91e9c6a249d
SHA1: b450102c2aee98107474d2f92661d947b9cef183
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:tika:1.17   Confidence:HIGHEST   
  • maven: org.apache.tika:tika-core:1.17   Confidence:HIGH

CVE-2018-8017  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.

Vulnerable Software & Versions:

CVE-2018-17197  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

Vulnerable Software & Versions:

CVE-2018-1339  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions:

CVE-2018-1338  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Vulnerable Software & Versions:

CVE-2018-1335  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

Vulnerable Software & Versions:

CVE-2018-11796  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later.

Vulnerable Software & Versions:

CVE-2018-11762  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

Vulnerable Software & Versions:

CVE-2018-11761  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Vulnerable Software & Versions:

xmlbeans-2.6.0.jar

Description: XmlBeans main jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\xmlbeans\xmlbeans\2.6.0\xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.xmlbeans:xmlbeans:2.6.0   Confidence:HIGH

batik-css-1.8.jar

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\xmlgraphics\batik-css\1.8\batik-css-1.8.jar
MD5: 958c61e42f99ef67d3c91dcb57defc4d
SHA1: 2b3f22cc65702a0821b7f0178d055282a1cdde59
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:batik:1.8   Confidence:HIGHEST   
  • maven: org.apache.xmlgraphics:batik-css:1.8   Confidence:HIGH

CVE-2018-8013  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the input stream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.

Vulnerable Software & Versions:

CVE-2017-5662  

Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service, as the references within an XML document can trivially trigger an amplification attack.

Vulnerable Software & Versions:

batik-extension-1.9.jar

Description: Batik Extension Support

File Path: D:\maven\repository\org\apache\xmlgraphics\batik-extension\1.9\batik-extension-1.9.jar
MD5: 12b4dc000de1ffaebdd02a17369b9e56
SHA1: 2e1f5d9da672694274cb0f623f0011199aa57ef2
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:batik:1.9   Confidence:HIGHEST   
  • maven: org.apache.xmlgraphics:batik-extension:1.9   Confidence:HIGH

CVE-2018-8013  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the input stream as the class name and then uses it to call the no-arg constructor of that class. The fix was to check the class type before calling newInstance during deserialization.

Vulnerable Software & Versions:

fop-2.2.jar

Description: Apache FOP (Formatting Objects Processor) is the world's first print formatter driven by XSL formatting objects (XSL-FO) and the world's first output independent formatter. It is a Java application that reads a formatting object (FO) tree and renders the resulting pages to a specified output. Output formats currently supported include PDF, PCL, PS, AFP, TIFF, PNG, SVG, XML (area tree representation), Print, AWT and TXT. The primary output target is PDF.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\xmlgraphics\fop\2.2\fop-2.2.jar
MD5: 9414a22118eef21c276debf81d955757
SHA1: cc8a8ae39d215425e1dbec5552c64074d0a54b7f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:formatting_objects_processor:2.2   Confidence:LOW   
  • maven: org.apache.xmlgraphics:fop:2.2   Confidence:HIGH

xmlgraphics-commons-2.2.jar

Description:  Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\apache\xmlgraphics\xmlgraphics-commons\2.2\xmlgraphics-commons-2.2.jar
MD5: 025a1e9ec9075ee4c07a0e7eff3f21d9
SHA1: 89f22650b8b8a5ac91207bf58190df852d97415a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.apache.xmlgraphics:xmlgraphics-commons:2.2   Confidence:HIGH

asciidoctor-java-integration-0.1.3.jar

Description: asciidoctor-java-integration is a java binding to Asciidoctor gem.

License:

Apache License Version 2.0
File Path: D:\maven\repository\org\asciidoctor\asciidoctor-java-integration\0.1.3\asciidoctor-java-integration-0.1.3.jar
MD5: bbd0d23a552ab426b62869fd1c0dbace
SHA1: 5cf21b4331d737ef0f3b3f543a7e5a343c1f27ec
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.asciidoctor:asciidoctor-java-integration:0.1.3   Confidence:HIGH

aspectjrt-1.6.6.jar

Description: The runtime needed to execute a program using AspectJ

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: D:\maven\repository\org\aspectj\aspectjrt\1.6.6\aspectjrt-1.6.6.jar
MD5: bbb4c35f8fd9961605460ed462bd9672
SHA1: 0ff58f520e1a304b8a02b8cea8b96b1b8e5b25b0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.aspectj:aspectjrt:1.6.6   Confidence:HIGH

bcpkix-jdk15on-1.48.jar

Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.7. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: D:\maven\repository\org\bouncycastle\bcpkix-jdk15on\1.48\bcpkix-jdk15on-1.48.jar
MD5: f8fc0496846f567ec951ac0a0e25ed00
SHA1: 28b7614b908a47844bb27e3c94b45b6893656265
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.bouncycastle:bcpkix-jdk15on:1.48   Confidence:HIGH

groovy-all-2.3.3.jar

Description:  Commons CLI provides a simple API for presenting, processing and validating a command line interface.

File Path: D:\maven\repository\org\codehaus\groovy\groovy-all\2.3.3\groovy-all-2.3.3.jar
MD5: 998b6987c8a51273f5abb7680a3eeab7
SHA1: 2ca73750564253964c70b396b6b5fda54a743f04
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2016-6814  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

When an application that has unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, or Apache Groovy 2.4.4 to 2.4.7, on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

Vulnerable Software & Versions:

CVE-2016-6497  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Vulnerable Software & Versions:

CVE-2015-3253  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Vulnerable Software & Versions:

groovy-2.3.9.jar

Description:  Commons CLI provides a simple API for presenting, processing and validating a command line interface.

File Path: D:\maven\repository\org\codehaus\groovy\groovy\2.3.9\groovy-2.3.9.jar
MD5: db03ce6c30d568c0ce055de65d6cf15a
SHA1: 1ed2b75409d009327e7d1acf205e1c0401078ad5
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2016-6814  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

When an application that has unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, or Apache Groovy 2.4.4 to 2.4.7, on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

Vulnerable Software & Versions:

CVE-2016-6497  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Vulnerable Software & Versions:

CVE-2015-3253  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Vulnerable Software & Versions:

jackson-core-asl-1.9.2.jar

Description: Jackson is a high-performance JSON processor (parser, generator)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\codehaus\jackson\jackson-core-asl\1.9.2\jackson-core-asl-1.9.2.jar
MD5: 3a569b4b918f23392e63028b896cb9c4
SHA1: 8493982bba1727106d767034bd0d8e77bc1931a9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:fasterxml:jackson:1.9.2   Confidence:LOW   
  • maven: org.codehaus.jackson:jackson-core-asl:1.9.2   Confidence:HIGH

jackson-xc-1.9.2.jar

Description: Extensions that provide interoperability support for Jackson JSON processor's data binding functionality.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License (LGPL), Version 2.1: http://www.fsf.org/licensing/licenses/lgpl.txt
File Path: D:\maven\repository\org\codehaus\jackson\jackson-xc\1.9.2\jackson-xc-1.9.2.jar
MD5: d9d4d69e16e45595f0542eb6f2cf1117
SHA1: 437c991a8eb2c8b69ef1dba2eba27fccb9b98448
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:fasterxml:jackson-databind:1.9.2   Confidence:LOW   
  • cpe: cpe:/a:fasterxml:jackson:1.9.2   Confidence:LOW   
  • maven: org.codehaus.jackson:jackson-xc:1.9.2   Confidence:HIGH

CVE-2018-5968  

Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Vulnerable Software & Versions:

CVE-2017-17485  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Vulnerable Software & Versions:

jettison-1.2.jar

Description: A StAX implementation for JSON.

File Path: D:\maven\repository\org\codehaus\jettison\jettison\1.2\jettison-1.2.jar
MD5: 4661a5152aa90f104948bdc78fdf255c
SHA1: 0765a6181653f4b05c18c7a9e8f5c1f8269bf9b2
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.codehaus.jettison:jettison:1.2   Confidence:HIGH

plexus-utils-3.0.10.jar

Description: A collection of various utility classes to ease working with strings, files, command lines, XML and more.

File Path: D:\maven\repository\org\codehaus\plexus\plexus-utils\3.0.10\plexus-utils-3.0.10.jar
MD5: b8e14dd6e93c8f34888846dcac492160
SHA1: 65e6460a49460d2ca038f8644ff9ae6d878733b8
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.codehaus.plexus:plexus-utils:3.0.10   Confidence:HIGH

jetty-io-9.2.11.v20150529.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: D:\maven\repository\org\eclipse\jetty\jetty-io\9.2.11.v20150529\jetty-io-9.2.11.v20150529.jar
MD5: bed381cf32b725da52b2b7b2b2de6e7c
SHA1: 8d13b907fcc1bc190901f6842752fc6be8d406cf
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.eclipse.jetty:jetty-io:9.2.11.v20150529   Confidence:HIGH

jetty-util-8.1.15.v20140411.jar

Description: Utility classes for Jetty

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: D:\maven\repository\org\eclipse\jetty\jetty-util\8.1.15.v20140411\jetty-util-8.1.15.v20140411.jar
MD5: ed9cdb7a21bd0ba982a0f341520f3183
SHA1: 9fe1fedd4c3a0bc5dbc2f1c0588fc5c9c83014a5
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:eclipse:jetty:8.1.15.v20140411   Confidence:LOW   
  • cpe: cpe:/a:jetty:jetty:8.1.15.v20140411   Confidence:LOW   
  • maven: org.eclipse.jetty:jetty-util:8.1.15.v20140411   Confidence:HIGH

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

CVE-2017-7658  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two Content-Length headers, Jetty ignored the second. When presented with a Content-Length and a chunked Transfer-Encoding header, the Content-Length was ignored (as per RFC 2616). If an intermediary decided on the shorter length but still passed on the longer body, then the body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions:

CVE-2017-7657  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions:

CVE-2017-7656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions:

websocket-api-9.2.11.v20150529.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: D:\maven\repository\org\eclipse\jetty\websocket\websocket-api\9.2.11.v20150529\websocket-api-9.2.11.v20150529.jar
MD5: ae0322bdce722915da08804dad67c0fc
SHA1: ded6ab7af4989e92efe5f602a57e231dc1ffa319
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:eclipse:jetty:9.2.11.v20150529   Confidence:LOW   
  • cpe: cpe:/a:jetty:jetty:9.2.11.v20150529   Confidence:LOW   
  • maven: org.eclipse.jetty.websocket:websocket-api:9.2.11.v20150529   Confidence:HIGH

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

CVE-2017-7658  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two Content-Length headers, Jetty ignored the second. When presented with a Content-Length and a chunked Transfer-Encoding header, the Content-Length was ignored (as per RFC 2616). If an intermediary decided on the shorter length but still passed on the longer body, then the body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions:

CVE-2017-7657  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions:

CVE-2017-7656  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions:

fluentlenium-core-0.10.2.jar

Description: Core of FluentLenium

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\fluentlenium\fluentlenium-core\0.10.2\fluentlenium-core-0.10.2.jar
MD5: d6fa10e3074fcd48e52d570df30ef16f
SHA1: 8795bd4ce7050f0c45b772e8d3b36c39646e2f0b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.fluentlenium:fluentlenium-core:0.10.2   Confidence:HIGH

fontbox-0.1.0.jar

Description: FontBox is a Java font library used to obtain low level information from font files.

License:

BSD: http://www.fontbox.org/license.html
File Path: D:\maven\repository\org\fontbox\fontbox\0.1.0\fontbox-0.1.0.jar
MD5: 637d5f45fca0e8303e7cbab076e82bb6
SHA1: 9d56527bea3bfdf523e13940ad2cf391a84d5a10
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:font_project:font:0.1.0   Confidence:LOW   
  • maven: org.fontbox:fontbox:0.1.0   Confidence:HIGH

CVE-2015-7683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.

Vulnerable Software & Versions:

freemarker-2.3.21.jar

Description:  FreeMarker is a "template engine"; a generic tool to generate text output based on templates.

License:

Apache License, Version 2.0: http://freemarker.org/LICENSE.txt
File Path: D:\maven\repository\org\freemarker\freemarker\2.3.21\freemarker-2.3.21.jar
MD5: bdc6a9d3a41bc13e5965fc06e74c16c2
SHA1: 6c2d24aca63fadba2c99fb65218769cfb11099f4
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.freemarker:freemarker:2.3.21   Confidence:HIGH

webservices-api-2.1.jar

File Path: D:\maven\repository\org\glassfish\metro\webservices-api\2.1\webservices-api-2.1.jar
MD5: ad7769c36cda829c51fb65f7c71b682f
SHA1: 7260dedfcdd0675821658b0bd9c8082814188ec9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

webservices-rt-2.1.jar

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar
MD5: 694908af81368ffd291abdca6d5414fb
SHA1: 71abd9b6d551da067e4614177fdfd3dc5509bbd3
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

javax.el-2.2.4.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: D:\maven\repository\org\glassfish\web\javax.el\2.2.4\javax.el-2.2.4.jar
MD5: 630281cfda93b57a95287dac09184014
SHA1: a50914ff519682e185bca4385b4313b8c8a81775
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2015-2808  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Vulnerable Software & Versions:

CVE-2013-2566  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Vulnerable Software & Versions:

hamcrest-all-1.3.jar

Description:  QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\hamcrest\hamcrest-all\1.3\hamcrest-all-1.3.jar
MD5: ae5102286b5720dd286d6b606cb891e2
SHA1: 63a21ebc981131004ad02e0434e799fd7f3a8d5a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: com.thoughtworks.qdox:qdox:1.12   Confidence:HIGH

hamcrest-core-1.3.jar

Description:  This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: D:\maven\repository\org\hamcrest\hamcrest-core\1.3\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.hamcrest:hamcrest-core:1.3   Confidence:HIGH

hamcrest-integration-1.3.jar

Description:  Provides integration between Hamcrest and other testing tools, including JUnit (3 and 4), TestNG, jMock and EasyMock.

File Path: D:\maven\repository\org\hamcrest\hamcrest-integration\1.3\hamcrest-integration-1.3.jar
MD5: c145982b549171841ead95bd2fee78ce
SHA1: 5de0c73fef18917cd85d0ab70bb23818685e4dfd
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.hamcrest:hamcrest-integration:1.3   Confidence:HIGH

hamcrest-library-1.3.jar

Description:  Hamcrest library of matcher implementations.

File Path: D:\maven\repository\org\hamcrest\hamcrest-library\1.3\hamcrest-library-1.3.jar
MD5: 110ad2ea84f7031a1798648b6b318e79
SHA1: 4785a3c21320980282f9f33d0d1264a69040538f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.hamcrest:hamcrest-library:1.3   Confidence:HIGH

hibernate-commons-annotations-4.0.4.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: D:\maven\repository\org\hibernate\common\hibernate-commons-annotations\4.0.4.Final\hibernate-commons-annotations-4.0.4.Final.jar
MD5: 90c622b00ff8363f7898ba867c03b46e
SHA1: f1af75eca4e13ac0578750a497159695feceebfc
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:processing:processing:4.0.4   Confidence:LOW   
  • maven: org.hibernate.common:hibernate-commons-annotations:4.0.4.Final   Confidence:HIGH

hibernate-core-4.3.5.Final.jar

Description: The core O/RM functionality as provided by Hibernate

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: D:\maven\repository\org\hibernate\hibernate-core\4.3.5.Final\hibernate-core-4.3.5.Final.jar
MD5: a36bbc23703592a62fe836b3b0c25a85
SHA1: 8ba469a4749447a8e9a04f229c8017f60f9a04c9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.hibernate:hibernate-core:4.3.5.Final   Confidence:HIGH

hibernate-ehcache-3.6.0.Final.jar

Description: Integration of Hibernate with Ehcache

File Path: D:\maven\repository\org\hibernate\hibernate-ehcache\3.6.0.Final\hibernate-ehcache-3.6.0.Final.jar
MD5: f5c75ee1f3859b09905398aabdc75fe9
SHA1: 95c3d794d0bdf39dfbe70a67863f9b204c9e0614
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.hibernate:hibernate-ehcache:3.6.0.Final   Confidence:HIGH

hibernate-validator-5.1.1.Final.jar

Description: Hibernate's Bean Validation (JSR-303) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\hibernate\hibernate-validator\5.1.1.Final\hibernate-validator-5.1.1.Final.jar
MD5: a5069c549b7710598c2545b922465f3f
SHA1: 2bd44618dc13c2be39231776a0edf0e1f867dedc
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2014-3558  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Vulnerable Software & Versions:

hibernate-jpa-2.1-api-1.0.0.Final.jar

Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details

License:

Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: D:\maven\repository\org\hibernate\javax\persistence\hibernate-jpa-2.1-api\1.0.0.Final\hibernate-jpa-2.1-api-1.0.0.Final.jar
MD5: 01b091825023c97fdfd6d2bceebe03ff
SHA1: 5e731d961297e5a07290bfaf3db1fbc8bbbf405a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final   Confidence:HIGH

ini4j-0.5.2.jar

Description: Java API for handling configuration files in Windows .ini format. The library includes its own Map based API, Java Preferences API and Java Beans API for handling .ini files. Additionally, the library includes a feature rich (variable/macro substitution, multiply property values, etc) java.util.Properties replacement.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\ini4j\ini4j\0.5.2\ini4j-0.5.2.jar
MD5: 50738a9e30cce8f6d63d5a2b63fffd63
SHA1: 16561cb11c221b5928119e10d7636c95ee5c960d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.ini4j:ini4j:0.5.2   Confidence:HIGH

cas-client-core-3.3.2.jar

File Path: D:\maven\repository\org\jasig\cas\client\cas-client-core\3.3.2\cas-client-core-3.3.2.jar
MD5: e8379957f4366aca2420003d2f29d84a
SHA1: 5f78c843136d73d816608c9c9b365fa2c0aa0316
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jasig.cas.client:cas-client-core:3.3.2   Confidence:HIGH

javassist-3.20.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: D:\maven\repository\org\javassist\javassist\3.20.0-GA\javassist-3.20.0-GA.jar
MD5: a89dd7907d76e061ec2c07e762a74256
SHA1: a9cbcdfb7e9f86fbc74d3afae65f2248bfbf82a0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.javassist:javassist:3.20.0-GA   Confidence:HIGH

jbehave-core-3.9.3.jar

Description: JBehave Core contains all the core functionality for running BDD stories.

File Path: D:\maven\repository\org\jbehave\jbehave-core\3.9.3\jbehave-core-3.9.3.jar
MD5: c0a25086212ad8c4264919c7e6e14cc5
SHA1: 3ee85da44f2e3b2facbbc0f3dd39f88594bd34a8
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jbehave:jbehave-core:3.9.3   Confidence:HIGH

jandex-1.1.0.Final.jar

License:

AL 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jboss\jandex\1.1.0.Final\jandex-1.1.0.Final.jar
MD5: 8c14c068df8c33632ab6658ffdda292c
SHA1: e84a2122e76f0b6503be78094ddf2108057ac15f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jboss:jandex:1.1.0.Final   Confidence:HIGH

jboss-logging-annotations-1.2.0.Beta1.jar

File Path: D:\maven\repository\org\jboss\logging\jboss-logging-annotations\1.2.0.Beta1\jboss-logging-annotations-1.2.0.Beta1.jar
MD5: 938e552e319015a8863dd91284aada54
SHA1: 2f437f37bb265d9f8f1392823dbca12d2bec06d6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jboss.logging:jboss-logging-annotations:1.2.0.Beta1   Confidence:HIGH

jboss-logging-3.1.3.GA.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jboss\logging\jboss-logging\3.1.3.GA\jboss-logging-3.1.3.GA.jar
MD5: 1cb9780e7b361dd456429019b5455b6e
SHA1: 64499e907f19e5e1b3fdc02f81440c1832fe3545
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jboss.logging:jboss-logging:3.1.3.GA   Confidence:HIGH

jboss-transaction-api_1.2_spec-1.0.0.Final.jar

Description: The Java Transaction 1.2 API classes

License:

Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: D:\maven\repository\org\jboss\spec\javax\transaction\jboss-transaction-api_1.2_spec\1.0.0.Final\jboss-transaction-api_1.2_spec-1.0.0.Final.jar
MD5: aa7df2440f20946a61005c533dc4915c
SHA1: 1f9fef7a9fcbb41cc390fc370a291cf30729e094
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:1.0.0.Final   Confidence:HIGH

jdom2-2.0.5.jar

Description: A complete, Java-based solution for accessing, manipulating, and outputting XML data

License:

Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: D:\maven\repository\org\jdom\jdom2\2.0.5\jdom2-2.0.5.jar
MD5: 302db3c65c38d3c10ef31bca76bd76b4
SHA1: 2001db51c131e555bafdb77fc52af6a9408c505e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jdom:jdom2:2.0.5   Confidence:HIGH

jdom-1.1.jar

Description: JDOM is, quite simply, a Java representation of an XML document. JDOM provides a way to represent that document for easy and efficient reading, manipulation, and writing. It has a straightforward API, is lightweight and fast, and is optimized for the Java programmer. It's an alternative to DOM and SAX, although it integrates well with both DOM and SAX.

File Path: D:\maven\repository\org\jdom\jdom\1.1\jdom-1.1.jar
MD5: adf67fc5dcf48e1593640ad7e02f6ad4
SHA1: 1d04c0f321ea337f3661cf7ede8f4c6f653a8fdd
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jdom:jdom:1.1   Confidence:HIGH

jempbox-0.2.0.jar

Description: JempBox is an open source Java library that implements Adobe's XMP(TM) specification.

License:

BSD: http://www.jempbox.org/license.html
File Path: D:\maven\repository\org\jempbox\jempbox\0.2.0\jempbox-0.2.0.jar
MD5: a549c7919b33e0a2bce04f7f61001c95
SHA1: ea62d31c76bd0bd11a5f8b540f340678c5c15191
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jempbox:jempbox:0.2.0   Confidence:HIGH

jruby-complete-1.7.4.jar

Description: JRuby 1.7.4 OSGi bundle

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar
MD5: be7116ad25e9535a09bbd1a49934ab30
SHA1: 74984d84846523bd7da49064679ed1ccf199e1db
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:jruby:jruby:1.7.4   Confidence:LOW   

CVE-2012-5370  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

Vulnerable Software & Versions:

jruby-complete-1.7.4.jar: jffi-1.2.dll

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\jni\i386-Windows\jffi-1.2.dll
MD5: 841e60814ed6b2971a47b267aef1c58a
SHA1: 07d30c6407fefad8df4b6afc4d85f83e547975ca
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: jffi-1.2.dll

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\jni\x86_64-Windows\jffi-1.2.dll
MD5: 5d80b61c1f9e31860c17b3a410948e7e
SHA1: 5ca292116336ee4ceed00d10e756afea580e62cf
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: jrubyw.exe

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\bin\jrubyw.exe
MD5: 7fac7402fa849bebb8ed0823f84c2177
SHA1: b752812d5570ac91fdfd85c548348d1ae1f6e1d4
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: generator.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\1.9\json\ext\generator.jar
MD5: 071287692350840c3af274e0e3de1f6d
SHA1: dbf8269aaed5a870f6d4f52b210fa96f63c29d6c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: parser.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\1.9\json\ext\parser.jar
MD5: 60062e853bc5ed39d157b3754487ad78
SHA1: 9e20a79badf407b5a3aa18b58feccdfa5c0cc2af
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: bcpkix-jdk15on-147.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\shared\bcpkix-jdk15on-147.jar
MD5: a4316d3710840f4b7152b7ac1c904679
SHA1: cd204e6f26d2bbf65ff3a30de8831d3a1344e851
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: bcprov-jdk15on-147.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\shared\bcprov-jdk15on-147.jar
MD5: 7749dd7eca4403fb968ddc484263736a
SHA1: b6f5d9926b0afbde9f4dbe3db88c5247be7794bb
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: jopenssl.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\shared\jopenssl.jar
MD5: ac1f8fcfe232a0feb2da920d64400ec0
SHA1: a49ddf324632e55a3e70cc9951948d6b415a9a97
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:openssl:openssl:-   Confidence:LOW   
  • cpe: cpe:/a:openssl_project:openssl:-   Confidence:LOW   

CVE-2018-5407  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Vulnerable Software & Versions:

CVE-2018-12438  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vulnerable Software & Versions:

CVE-2018-12437  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vulnerable Software & Versions:

CVE-2018-12433  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model.

Vulnerable Software & Versions:

CVE-2016-7056  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-320 Key Management Errors

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Vulnerable Software & Versions:

CVE-2016-7055  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
CWE: CWE-320 Key Management Errors

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.

Vulnerable Software & Versions:

CVE-2016-2176  

Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Vulnerable Software & Versions:

CVE-2016-2109  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Vulnerable Software & Versions:

CVE-2016-2108  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Vulnerable Software & Versions:

CVE-2016-2107  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Vulnerable Software & Versions:

CVE-2016-2106  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Vulnerable Software & Versions:

CVE-2016-0704  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Vulnerable Software & Versions:

CVE-2016-0703  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

Vulnerable Software & Versions:

CVE-2015-4000  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Vulnerable Software & Versions:

CVE-2015-1792  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

Vulnerable Software & Versions:

CVE-2015-1791  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

Vulnerable Software & Versions:

CVE-2015-1790  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

Vulnerable Software & Versions:

CVE-2015-1789  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Vulnerable Software & Versions:

CVE-2015-1788  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

Vulnerable Software & Versions:

CVE-2015-0293  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

Vulnerable Software & Versions:

CVE-2015-0292  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

Vulnerable Software & Versions:

CVE-2015-0289  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

Vulnerable Software & Versions:

CVE-2015-0288  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

Vulnerable Software & Versions:

CVE-2015-0287  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-17 Code

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.

Vulnerable Software & Versions:

CVE-2015-0286  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-17 Code

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

Vulnerable Software & Versions:

CVE-2015-0209  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.

Vulnerable Software & Versions:

CVE-2015-0204  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Vulnerable Software & Versions:

CVE-2014-8275  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Vulnerable Software & Versions:

CVE-2014-8176  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

Vulnerable Software & Versions:

CVE-2014-3572  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

Vulnerable Software & Versions:

CVE-2014-3571  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

Vulnerable Software & Versions:

CVE-2014-3570  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Vulnerable Software & Versions:

CVE-2014-3568  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

Vulnerable Software & Versions:

CVE-2014-3567  

Severity: High
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.

Vulnerable Software & Versions:

CVE-2014-3470  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Vulnerable Software & Versions:

CVE-2014-0224  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Vulnerable Software & Versions:

CVE-2014-0221  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Vulnerable Software & Versions:

CVE-2014-0195  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Vulnerable Software & Versions:

CVE-2014-0076  

Severity: Low
CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Vulnerable Software & Versions:

CVE-2013-6449  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Vulnerable Software & Versions:

CVE-2013-0169  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Vulnerable Software & Versions:

CVE-2012-2333  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Vulnerable Software & Versions:

CVE-2012-2110  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Vulnerable Software & Versions:

CVE-2012-1165  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

Vulnerable Software & Versions:

CVE-2012-0884  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Vulnerable Software & Versions:

CVE-2012-0027  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

Vulnerable Software & Versions:

CVE-2011-4619  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2011-4577  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

Vulnerable Software & Versions:

CVE-2011-4576  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Vulnerable Software & Versions:

CVE-2011-4354  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.

Vulnerable Software & Versions:

CVE-2011-4108  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

Vulnerable Software & Versions:

CVE-2011-1945  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

Vulnerable Software & Versions:

CVE-2011-1473  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

Vulnerable Software & Versions:

CVE-2010-5298  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Vulnerable Software & Versions:

CVE-2010-4252  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-287 Improper Authentication

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Vulnerable Software & Versions:

CVE-2010-4180  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Vulnerable Software & Versions:

CVE-2010-0742  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

Vulnerable Software & Versions:

CVE-2010-0433  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Vulnerable Software & Versions:

CVE-2009-4355  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Vulnerable Software & Versions:

CVE-2009-3555  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-310 Cryptographic Issues

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Vulnerable Software & Versions:

CVE-2009-3245  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Vulnerable Software & Versions:

CVE-2009-1387  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Vulnerable Software & Versions:

CVE-2009-1386  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Vulnerable Software & Versions:

CVE-2009-1378  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Vulnerable Software & Versions:

CVE-2009-1377  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Vulnerable Software & Versions:

CVE-2009-0789  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Vulnerable Software & Versions:

CVE-2009-0590  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

Vulnerable Software & Versions:

CVE-2008-7270  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

Vulnerable Software & Versions:

CVE-2008-5077  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-20 Improper Input Validation

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Vulnerable Software & Versions:

CVE-2007-5536  

Severity: Medium
CVSS Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)

Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.

Vulnerable Software & Versions:

CVE-2007-3108  

Severity: Low
CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:P/I:N/A:N)

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

Vulnerable Software & Versions:

CVE-2006-7250  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.

Vulnerable Software & Versions:

CVE-2006-4339  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

Vulnerable Software & Versions:

CVE-2000-1254  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

Vulnerable Software & Versions:

CVE-1999-0428  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

Vulnerable Software & Versions:

jruby-complete-1.7.4.jar: kryptcore.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\shared\kryptcore.jar
MD5: d824332166eee8cc7d51e37ce21007be
SHA1: 9cb457a24abcf6451fb23f2f70603e0ced3e5592
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: kryptproviderjdk.jar

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\jruby.home\lib\ruby\shared\kryptproviderjdk.jar
MD5: 282a7d8c57b3ecf27278c9489f4be6d4
SHA1: 32b15c5bc9238035fc6e4f9cdeb1da48e7268cce
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: jansi.dll

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\native\windows32\jansi.dll
MD5: 1f2e782f590fd99e3e8820565a5d5efb
SHA1: da125d2255050e13db6a84325e40f5c20eae81af
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

jruby-complete-1.7.4.jar: jansi.dll

File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF\native\windows64\jansi.dll
MD5: f4f883eaf7f7413a085d9868511af8a9
SHA1: 5da042be27f3b6f0a8e6cff07ad678c6975726a4
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

mimepull-1.9.4.jar

Description: Provides a streaming API to access attachments parts in a MIME message.

License:

CDDL 1.1: https://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\org\jvnet\mimepull\mimepull\1.9.4\mimepull-1.9.4.jar
MD5: c2d46f041ac535d98ff32169beb5468d
SHA1: 6ffca64fe0209a94c5a973a32e93b5eae0ac384e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.jvnet.mimepull:mimepull:1.9.4   Confidence:HIGH

mockito-all-1.8.5.jar

Description: Mock objects library for java

License:

The MIT License: http://code.google.com/p/mockito/wiki/License
File Path: D:\maven\repository\org\mockito\mockito-all\1.8.5\mockito-all-1.8.5.jar
MD5: 68050f76689dfdcd6e93b2cf79dfbaf2
SHA1: a927d8ae3b8d22eb745a74f94e59ce3882f2b524
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.mockito:mockito-all:1.8.5   Confidence:HIGH

servlet-api-2.5-6.1.9.jar

Description: Servlet Specification 2.5 API

License:

CDDL 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: D:\maven\repository\org\mortbay\jetty\servlet-api-2.5\6.1.9\servlet-api-2.5-6.1.9.jar
MD5: dad2570120128ac0938512318211b8dd
SHA1: 96425fc6a410817cd4c27e65a240cb8328eee9ad
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:jetty:jetty:6.1.9   Confidence:LOW   
  • cpe: cpe:/a:mortbay:jetty:6.1.9   Confidence:HIGHEST   
  • cpe: cpe:/a:mortbay_jetty:jetty:6.1.9   Confidence:LOW   
  • maven: org.mortbay.jetty:servlet-api-2.5:6.1.9   Confidence:HIGH

CVE-2011-4461  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-310 Cryptographic Issues

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Software & Versions:

CVE-2009-4612  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.

Vulnerable Software & Versions:

CVE-2009-4611  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

Vulnerable Software & Versions:

CVE-2009-4610  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.

Vulnerable Software & Versions:

CVE-2009-4609  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.

Vulnerable Software & Versions:

CVE-2009-1524  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Vulnerable Software & Versions:

CVE-2009-1523  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Vulnerable Software & Versions:

rhino-1.7R5.jar

Description: Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.

License:

Mozilla Public License, Version 2.0: http://www.mozilla.org/MPL/2.0/index.txt
File Path: D:\maven\repository\org\mozilla\rhino\1.7R5\rhino-1.7R5.jar
MD5: 515233bd8a534c0468f6e397fc6b1925
SHA1: 95f0003cea7ebf26aef5ed64c77c05fcd1ff9648
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.mozilla:rhino:1.7R5   Confidence:HIGH

jmi-200507110943.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\netbeans\jmi\200507110943\jmi-200507110943.jar
MD5: b3121f6b2fdd0b111ce498d3fca22f52
SHA1: 97c79cca361f37521396472e30fd8f2145f2c6b7
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.netbeans:jmi:200507110943   Confidence:HIGH

jmiutils-200507110943.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\netbeans\jmiutils\200507110943\jmiutils-200507110943.jar
MD5: ff499e340a13c7846e617565c6c4509f
SHA1: 27811ee82d19293e75b6c4b9c602ec2f8780eb83
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.netbeans:jmiutils:200507110943   Confidence:HIGH

mdrapi-200507110943.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\netbeans\mdrapi\200507110943\mdrapi-200507110943.jar
MD5: 86c8d7cb19f9ce488654998ff3d44865
SHA1: d50b2ddba9d5f56412b0bfd85e2c9b8f4d84f9a0
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.netbeans:mdrapi:200507110943   Confidence:HIGH

mof-200507110943.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\netbeans\mof\200507110943\mof-200507110943.jar
MD5: e8015ee5be9e177e69d305a6007a653a
SHA1: 4e18215c086ccd6953a75ee7659329fdc5a5e1be
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.netbeans:mof:200507110943   Confidence:HIGH

nbmdr-200507110943-custom.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\netbeans\nbmdr\200507110943-custom\nbmdr-200507110943-custom.jar
MD5: 204cc8956d8c719b4d3cf56cdd353122
SHA1: 6bf48285a1b73246eebd3ad82fc8d014901fba81
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.netbeans:nbmdr:200507110943-custom   Confidence:HIGH

openide-util-200507110943.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\netbeans\openide-util\200507110943\openide-util-200507110943.jar
MD5: 287508797c7b43bacc07bfe972a557f5
SHA1: 93b7a9212e13f19ceb24c9b20845f8daea20d2d3
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.netbeans:openide-util:200507110943   Confidence:HIGH

objenesis-2.1.jar

Description: A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\objenesis\objenesis\2.1\objenesis-2.1.jar
MD5: 32ccb1d20a42b5aaaceb90c9082a2efa
SHA1: 87c0ea803b69252868d09308b4618f766f135a96
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.objenesis:objenesis:2.1   Confidence:HIGH

olap4j-xmla-TRUNK-SNAPSHOT.jar

File Path: D:\maven\repository\org\olap4j\olap4j-xmla\TRUNK-SNAPSHOT\olap4j-xmla-TRUNK-SNAPSHOT.jar
MD5: b4040c5c434515b2178d453d697a1ece
SHA1: 177dbad7acdcdcfe842250c897612d5f37ad8d0a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.olap4j:olap4j-xmla:TRUNK-SNAPSHOT   Confidence:HIGH

olap4j-xmlaserver-1.2.0.jar

Description: XML for Analysis (XMLA) server based upon olap4j connections

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: D:\maven\repository\org\olap4j\olap4j-xmlaserver\1.2.0\olap4j-xmlaserver-1.2.0.jar
MD5: e538d4722b3f8380fe3eaae23e50bf5e
SHA1: fb66a7aa980318122e45e4ca2647db80e89e2f8c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:connections_project:connections:1.2.0   Confidence:LOW   
  • maven: org.olap4j:olap4j-xmlaserver:1.2.0   Confidence:HIGH

olap4j-TRUNK-SNAPSHOT.jar

File Path: D:\maven\repository\org\olap4j\olap4j\TRUNK-SNAPSHOT\olap4j-TRUNK-SNAPSHOT.jar
MD5: ba362fac932ff2770f83025880e9c2f0
SHA1: a4eb92afde4af322120377a6c17da15893ea483e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.olap4j:olap4j:TRUNK-SNAPSHOT   Confidence:HIGH

opensaml-2.5.1-1.jar

Description: The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML).

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\opensaml\opensaml\2.5.1-1\opensaml-2.5.1-1.jar
MD5: 1d7b3adc3f43fca064ff44faaf3e21bb
SHA1: 9736dcbe852dda3ce263a9c6e33579cd5af203e5
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:internet2:opensaml:2.5.1.1   Confidence:LOW   
  • maven: org.opensaml:opensaml:2.5.1-1   Confidence:HIGH

openws-1.4.2-1.jar

Description: The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include classes for creating and reading SOAP messages, transport-independent clients for connecting to web services, and various transports for use with those clients.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\opensaml\openws\1.4.2-1\openws-1.4.2-1.jar
MD5: 8f84c09de5295c630e21febcdc09521c
SHA1: c835fd5214632ed4befbca23dd42e062e80ceb85
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:ws_project:ws:1.4.2.1   Confidence:LOW   
  • maven: org.opensaml:openws:1.4.2-1   Confidence:HIGH

xmltooling-1.3.2-1.jar

Description: XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\opensaml\xmltooling\1.3.2-1\xmltooling-1.3.2-1.jar
MD5: 06de9a0632f8dc1064106e9bbaee66d5
SHA1: 6446e9ac7e90667d6883ac583c402601dec75e34
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:internet2:xmltooling:1.3.2.1   Confidence:LOW   
  • cpe: cpe:/a:xmltooling_project:xmltooling:1.3.2.1   Confidence:LOW   
  • maven: org.opensaml:xmltooling:1.3.2-1   Confidence:HIGH

CVE-2015-0851  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

Vulnerable Software & Versions:
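The LOW-confidence CPE matches in this report are where the false positives sit: xmltooling-1.3.2-1.jar is the Java XMLTooling-J library, but the matched CPEs cpe:/a:internet2:xmltooling and cpe:/a:xmltooling_project:xmltooling describe the C++ XMLTooling-C library, which is where CVE-2015-0851 (the entry above) was fixed; jcifs-1.3.3.jar, further down in this report, is a pure-Java SMB client that was matched to cpe:/a:samba:samba:1.3.3 through its org.samba.jcifs groupId, so the Samba CVEs listed under it concern C code the jar does not contain; and servlet-api-2.5-6.1.9.jar was matched to mortbay:jetty because Mort Bay published it, although it carries only the javax.servlet API classes, not the Jetty server or test webapps the Jetty CVEs describe. Dependency-Check's suppression file is the mechanism for recording such decisions. The file below is an added example, not part of this report or of the saiku project: the SHA1 values are the ones listed in this report, the schema namespace is Dependency-Check's own, and the file name and the until dates are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  dependency-check-suppressions.xml (file name assumed) - added example, not
  part of this report. Use it with
      dependency-check.sh --suppression dependency-check-suppressions.xml
  Every rule is pinned to the SHA1 of the exact jar the report lists, so a
  rebuilt or upgraded jar is analysed afresh instead of being silently skipped.
  The until dates are assumed review dates; a suppression without one is
  never revisited.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!-- xmltooling-1.3.2-1.jar is XMLTooling-J (Java). Both LOW-confidence CPEs
       denote XMLTooling-C, the C++ library in which CVE-2015-0851 was fixed.
       Suppress the CPE (prefix match), not the single CVE, so later
       XMLTooling-C CVEs do not reappear against the Java jar. -->
  <suppress until="2021-01-01Z">
    <notes><![CDATA[
    file name: xmltooling-1.3.2-1.jar
    Java port; the matched CPEs describe XMLTooling-C (Shibboleth SP).
    ]]></notes>
    <sha1>6446e9ac7e90667d6883ac583c402601dec75e34</sha1>
    <cpe>cpe:/a:internet2:xmltooling</cpe>
    <cpe>cpe:/a:xmltooling_project:xmltooling</cpe>
  </suppress>

  <!-- jcifs-1.3.3.jar is a pure-Java CIFS/SMB client. The match on
       cpe:/a:samba:samba:1.3.3 comes from the org.samba.jcifs groupId and the
       version string; the Samba CVEs concern Samba's C daemons and libraries. -->
  <suppress until="2021-01-01Z">
    <notes><![CDATA[
    file name: jcifs-1.3.3.jar
    Not Samba; no shared code with the samba:samba product.
    ]]></notes>
    <sha1>1c10f34fb9897769e05ff5680921bdf450bc9edf</sha1>
    <cpe>cpe:/a:samba:samba</cpe>
  </suppress>

  <!-- servlet-api-2.5-6.1.9.jar: the mortbay:jetty CPE is HIGHEST confidence
       because Mort Bay published the jar, but the jar holds only the
       javax.servlet API classes; the Jetty CVEs concern the server, its JSP
       examples and its test webapps. Check before suppressing:
           jar tf servlet-api-2.5-6.1.9.jar | grep -v '^javax/servlet/'
       should list META-INF entries only. -->
  <suppress until="2021-01-01Z">
    <notes><![CDATA[
    file name: servlet-api-2.5-6.1.9.jar
    API-only jar; no Jetty server code present (verified with jar tf).
    ]]></notes>
    <sha1>96425fc6a410817cd4c27e65a240cb8328eee9ad</sha1>
    <cpe>cpe:/a:mortbay:jetty</cpe>
    <cpe>cpe:/a:jetty:jetty</cpe>
    <cpe>cpe:/a:mortbay_jetty:jetty</cpe>
  </suppress>

</suppressions>
```

Two caveats a reviewer of such a file should hold to. A rule that names a `<cve>` but no `<sha1>` or `<filePath>` hides that CVE for every dependency in the build, including a later one that is genuinely affected, so scope every rule to the artifact. And a suppression is a statement that the match is wrong, not that the risk is accepted: a true positive such as the OpenSSL findings above is handled by upgrading or removing the dependency, and the report's own confidence column is only a hint about where to look, not evidence either way.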

asm-5.0.3.jar

File Path: D:\maven\repository\org\ow2\asm\asm\5.0.3\asm-5.0.3.jar
MD5: ccebee99fb8cdd50e1967680a2eac0ba
SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.ow2.asm:asm:5.0.3   Confidence:HIGH

encoder-1.2.jar

Description: The OWASP Encoders package is a collection of high-performance low-overhead contextual encoders, that when utilized correctly, is an effective tool in preventing Web Application security vulnerabilities such as Cross-Site Scripting.

File Path: D:\maven\repository\org\owasp\encoder\encoder\1.2\encoder-1.2.jar
MD5: 6224af43fac2a66741506df021ee7833
SHA1: 3725ab6ba4e15c574c013da7fa61b5c39ae6f9e1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.owasp.encoder:encoder:1.2   Confidence:HIGH

esapi-2.0GA.jar

Description: The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

License:

BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/
File Path: D:\maven\repository\org\owasp\esapi\esapi\2.0GA\esapi-2.0GA.jar
MD5: 1381dc4493764494c8e80d581c63f004
SHA1: e51c5bcbbb81f1d98780af3368c537ffa1059724
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:owasp:enterprise_security_api:2.0ga   Confidence:LOW   
  • maven: org.owasp.esapi:esapi:2.0GA   Confidence:HIGH

pentaho-vfs-1.0.jar

Description: Artifactory auto generated POM

File Path: D:\maven\repository\org\pentaho\pentaho-vfs\1.0\pentaho-vfs-1.0.jar
MD5: 287ed0d3bd4b18d57cbb475560d31a33
SHA1: 1af11a853631dfefe0838ae1240637633d16eeb1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.pentaho:pentaho-vfs:1.0   Confidence:HIGH

libbase-7.1.0.0-12.jar

Description: LibBase is a library developed to provide base services like logging, configuration and initialization to all other libraries and applications. The library is the root library for all other Pentaho-Reporting projects.

License:

GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: D:\maven\repository\org\pentaho\reporting\library\libbase\7.1.0.0-12\libbase-7.1.0.0-12.jar
MD5: a3dac76aceadbc8ced5ccd634d6765ed
SHA1: 23a807fa103ace23b635647eeb76ccd747c11757
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.pentaho.reporting.library:libbase:7.1.0.0-12   Confidence:HIGH

libformula-7.1.0.0-12.jar

Description: LibFormula provides Excel-Style-Expressions. The implementation provided here is very generic and can be used in any application that needs to compute formulas.

License:

GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: D:\maven\repository\org\pentaho\reporting\library\libformula\7.1.0.0-12\libformula-7.1.0.0-12.jar
MD5: 200369d07d23962f7402aca72e9eb9e5
SHA1: 912b65278132ecb06e8fd52f4705f9491e7c3f1d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.pentaho.reporting.library:libformula:7.1.0.0-12   Confidence:HIGH

quartz-1.7.2.jar

File Path: D:\maven\repository\org\quartz-scheduler\quartz\1.7.2\quartz-1.7.2.jar
MD5: c702f0825b40abffe6f5a6b6b29ceaa8
SHA1: b7d726d31f03108ffbc2a76ebb968dcb75b24c57
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.quartz-scheduler:quartz:1.7.2   Confidence:HIGH

reflections-0.9.8.jar

Description: Reflections - a Java runtime metadata analysis

File Path: D:\maven\repository\org\reflections\reflections\0.9.8\reflections-0.9.8.jar
MD5: 46192a2539fbe9e1fb69f8e5764e3aaa
SHA1: f723abb59bf512952bfc503838f70f81487a6993
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.reflections:reflections:0.9.8   Confidence:HIGH

saiku-query-0.4-SNAPSHOT.jar

File Path: D:\maven\repository\org\saiku\saiku-query\0.4-SNAPSHOT\saiku-query-0.4-SNAPSHOT.jar
MD5: f90c0ec1d10509ac9513e1058b7f4885
SHA1: 5a820cf7bfa63b244da3b3becde251373acce33e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.saiku:saiku-query:0.4-SNAPSHOT   Confidence:HIGH

jcifs-1.3.3.jar

Description: JCIFS is an Open Source client library that implements the CIFS/SMB networking protocol in 100% Java

License:

GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt
File Path: D:\maven\repository\org\samba\jcifs\jcifs\1.3.3\jcifs-1.3.3.jar
MD5: 55d8a7e0a562d546e8ec42f05c6999e7
SHA1: 1c10f34fb9897769e05ff5680921bdf450bc9edf
Referenced In Project/Scope: saiku biserver plugin:runtime

Identifiers

  • cpe: cpe:/a:samba:samba:1.3.3   Confidence:LOW   
  • maven: org.samba.jcifs:jcifs:1.3.3   Confidence:HIGH

CVE-2019-3824  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-275 Permission Issues

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

Vulnerable Software & Versions:

CVE-2018-1139  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

Vulnerable Software & Versions:

CVE-2018-10858  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

A heap-buffer overflow was found in the way samba clients processed extra-long filenames in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Vulnerable Software & Versions:

CVE-2017-9461  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.

Vulnerable Software & Versions:

CVE-2017-12163  

Severity: Medium
CVSS Score: 4.8 (AV:A/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-200 Information Exposure

An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Vulnerable Software & Versions:

CVE-2017-12151  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.

Vulnerable Software & Versions:

CVE-2017-12150  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-254 Security Features

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

Vulnerable Software & Versions:

CVE-2013-0454  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.

Vulnerable Software & Versions:

CVE-2012-1182  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-189 Numeric Errors

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Vulnerable Software & Versions:

CVE-2011-2724  

Severity: Low
CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.

Vulnerable Software & Versions:

CVE-2011-2411  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.

Vulnerable Software & Versions:

CVE-2011-1678  

Severity: Low
CVSS Score: 3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation

smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Vulnerable Software & Versions:

CVE-2010-3069  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

Vulnerable Software & Versions:

CVE-2010-2063  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

Vulnerable Software & Versions:

CVE-2010-1642  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Vulnerable Software & Versions:

CVE-2010-1635  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

Vulnerable Software & Versions:

CVE-2010-0547  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.

Vulnerable Software & Versions:

CVE-2004-2687  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-16 Configuration

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Vulnerable Software & Versions:

CVE-2003-1332  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.

Vulnerable Software & Versions:

CVE-2002-2196  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

Vulnerable Software & Versions:

CVE-2001-0406  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

Vulnerable Software & Versions:

CVE-1999-0182  

Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

Vulnerable Software & Versions:

scannotation-1.0.2.jar

File Path: D:\maven\repository\org\scannotation\scannotation\1.0.2\scannotation-1.0.2.jar
MD5: 4c832a91b82d9a30ad22d6c4b98f9fc7
SHA1: 00d0b600c3719ca990c5c84acb33a65f20c57064
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.scannotation:scannotation:1.0.2   Confidence:HIGH

jetty-rc-repacked-5.jar

Description: Browser automation framework dependency on jetty

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\seleniumhq\selenium\jetty-rc-repacked\5\jetty-rc-repacked-5.jar
MD5: adc157de9de66d3310ef793af4964ccd
SHA1: d40f950f9d50503759adb7183b4b08c99988339e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:jetty:jetty:-   Confidence:LOW   
  • maven: org.seleniumhq.selenium:jetty-rc-repacked:5   Confidence:HIGH

jetty-repacked-7.6.1.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar
MD5: 347692e3881d4c5fd09a6b35a307ad58
SHA1: 3937008b2f7c124f52f7734eba4f6efc148799c6
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:jetty:jetty:7.6.1   Confidence:LOW   

selenium-api-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-api\2.46.0\selenium-api-2.46.0.jar
MD5: 2432c8c1e0936235edace46d62f0947e
SHA1: 7c0cbf344f94b821954b0fb2a11fc3f0852d4195
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-api:2.46.0   Confidence:HIGH

selenium-chrome-driver-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-chrome-driver\2.46.0\selenium-chrome-driver-2.46.0.jar
MD5: 4e4d30e1baef8b867ba4f91324fe3c16
SHA1: 2bb778d663e16595be78879a212c29b4c4914595
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2016-10624  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-310 Cryptographic Issues

selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome. selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Vulnerable Software & Versions:

selenium-firefox-driver-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-firefox-driver\2.46.0\selenium-firefox-driver-2.46.0.jar
MD5: 20a8317c1cab6d7bdd36f1d51eeec791
SHA1: 0af50b36b2fd40125d1f282dedb926892b68d432
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-firefox-driver:2.46.0   Confidence:HIGH

selenium-htmlunit-driver-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-htmlunit-driver\2.46.0\selenium-htmlunit-driver-2.46.0.jar
MD5: 48a19caed5b6c80930af6101c8fb90da
SHA1: 8195bfe5ce96fa26661965a1ed7532413f56d99f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-htmlunit-driver:2.46.0   Confidence:HIGH

selenium-ie-driver-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-ie-driver\2.46.0\selenium-ie-driver-2.46.0.jar
MD5: 4f7186d133c97c91dc14afd129e81758
SHA1: 6562c1dc60a49dfe742e14fecc61042475433994
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-ie-driver:2.46.0   Confidence:HIGH

selenium-java-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-java\2.46.0\selenium-java-2.46.0.jar
MD5: 5b626c8e23978114ab3aa853980b60c9
SHA1: 65e7f54757499d6b50fe722a7278af52a96baf98
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-java:2.46.0   Confidence:HIGH

selenium-leg-rc-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-leg-rc\2.46.0\selenium-leg-rc-2.46.0.jar
MD5: 4a2f7e2633956549a4ab5636ff2aa4a9
SHA1: 3a4075f1e826de2165568bb60d44808b92e45639
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-leg-rc:2.46.0   Confidence:HIGH

selenium-remote-driver-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-remote-driver\2.46.0\selenium-remote-driver-2.46.0.jar
MD5: 7076a0d3e39531c6ebe8c880570412ed
SHA1: 729394bd92eca8a3749fc8ace1b3304c8ed0ae07
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-remote-driver:2.46.0   Confidence:HIGH

selenium-safari-driver-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-safari-driver\2.46.0\selenium-safari-driver-2.46.0.jar
MD5: ee0aa4693cffbc911630b87c36215686
SHA1: db77237dc6a400709d2e3edeef7448554f39969c
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-safari-driver:2.46.0   Confidence:HIGH

selenium-server-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-server\2.46.0\selenium-server-2.46.0.jar
MD5: 8a846a0e5ce1414305781e3d4fbd49f4
SHA1: 9728558d5889b9bbdd8dc9a27a3103e420438e2f
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-server:2.46.0   Confidence:HIGH

selenium-server-2.46.0.jar: readystate.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-server\2.46.0\selenium-server-2.46.0.jar\customProfileDirCUSTFF\extensions\readystate@openqa.org\chrome\readystate.jar
MD5: 0bcafd7a486e7b6fc723da851db19a7b
SHA1: 63a6bdeee413d62ad8db3473797475243e99ec8e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

selenium-server-2.46.0.jar: hudsuckr.exe

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-server\2.46.0\selenium-server-2.46.0.jar\hudsuckr\hudsuckr.exe
MD5: 2a9cca56785eab06a70e5d35523bcec9
SHA1: 89c44639f3bd4b4c7ee05286bb1748c9ae68eab1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • None

selenium-support-2.46.0.jar

File Path: D:\maven\repository\org\seleniumhq\selenium\selenium-support\2.46.0\selenium-support-2.46.0.jar
MD5: 6b3d973a87cb820e675635316c7f1ff8
SHA1: fa26d31b92a30b40d9622964b587ee0f6e254357
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.seleniumhq.selenium:selenium-support:2.46.0   Confidence:HIGH

jcl-over-slf4j-1.7.7.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: D:\maven\repository\org\slf4j\jcl-over-slf4j\1.7.7\jcl-over-slf4j-1.7.7.jar
MD5: 32ad130f946ef0460af416397b7fc7b7
SHA1: 56003dcd0a31deea6391b9e2ef2f2dc90b205a92
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.slf4j:jcl-over-slf4j:1.7.7   Confidence:HIGH

jul-to-slf4j-1.6.1.jar

Description: JUL to SLF4J bridge

File Path: D:\maven\repository\org\slf4j\jul-to-slf4j\1.6.1\jul-to-slf4j-1.6.1.jar
MD5: b0707d398e9ad652c4d4f5d6ec51ebff
SHA1: c5300fc91f48697ae3f0d8ec8eac7a43a9dd03f7
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.slf4j:jul-to-slf4j:1.6.1   Confidence:HIGH

slf4j-api-1.6.4.jar

Description: The slf4j API

File Path: D:\maven\repository\org\slf4j\slf4j-api\1.6.4\slf4j-api-1.6.4.jar
MD5: 75e1a2a3b84c59bf9d4f42de57a533b1
SHA1: 2396d74b12b905f780ed7966738bb78438e8371a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.slf4j:slf4j-api:1.6.4   Confidence:HIGH

slf4j-log4j12-1.6.4.jar

Description: The slf4j log4j-12 binding

File Path: D:\maven\repository\org\slf4j\slf4j-log4j12\1.6.4\slf4j-log4j12-1.6.4.jar
MD5: 4ea379002969e41feab169d33815ed45
SHA1: 6b4973e0320e220ec6534478d60233fd1cc51c9b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.slf4j:slf4j-log4j12:1.6.4   Confidence:HIGH

se-jcr-0.9.jar

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: D:\maven\repository\org\springframework\se-jcr\0.9\se-jcr-0.9.jar
MD5: 4b768b86974847382bcfdc0f59554f16
SHA1: 017932edac3d449773c95e2a2341757a70305a2a
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:0.9   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:0.9   Confidence:LOW   
  • cpe: cpe:/a:springsource:spring_framework:0.9   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:0.9   Confidence:LOW   
  • maven: org.springframework:se-jcr:0.9   Confidence:HIGH

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Vulnerable Software & Versions:

CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Vulnerable Software & Versions:

CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

CVE-2014-1904  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Vulnerable Software & Versions:

CVE-2014-0054  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Vulnerable Software & Versions:

CVE-2013-7315  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Vulnerable Software & Versions:

CVE-2013-6429  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Vulnerable Software & Versions:

CVE-2013-4152  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Vulnerable Software & Versions:

CVE-2011-2730  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Vulnerable Software & Versions:

spring-security-cas-4.0.1.RELEASE.jar

Description: spring-security-cas

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\security\spring-security-cas\4.0.1.RELEASE\spring-security-cas-4.0.1.RELEASE.jar
MD5: 0dc9552d5c36159c0ebf8cc0213a362e
SHA1: 6909407baf10ddf541de040ff6a484ae24d393a2
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.springframework.security:spring-security-cas:4.0.1.RELEASE   Confidence:HIGH

spring-security-config-4.0.1.RELEASE.jar

Description: spring-security-config

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\security\spring-security-config\4.0.1.RELEASE\spring-security-config-4.0.1.RELEASE.jar
MD5: 120295585274714702586663cf86b761
SHA1: ea7536e27649b80586d3556d14e6fe723f9cb778
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.springframework.security:spring-security-config:4.0.1.RELEASE   Confidence:HIGH

spring-security-core-4.1.3.RELEASE.jar

Description: spring-security-core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\security\spring-security-core\4.1.3.RELEASE\spring-security-core-4.1.3.RELEASE.jar
MD5: aa18e6b30fc3be254d3c269320857156
SHA1: e6e5b9a52c887484e61069d836520228ddb9b545
Referenced In Project/Scope: saiku biserver plugin:provided

Identifiers

  • maven: org.springframework.security:spring-security-core:4.1.3.RELEASE   Confidence:HIGH

spring-security-web-4.0.1.RELEASE.jar

Description: spring-security-web

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\security\spring-security-web\4.0.1.RELEASE\spring-security-web-4.0.1.RELEASE.jar
MD5: 3ee5746844c4cd5d56fe5ad0167636b8
SHA1: d5b040641af0f3e35628400e88aa966b5dcf01dc
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.springframework.security:spring-security-web:4.0.1.RELEASE   Confidence:HIGH

spring-context-support-4.1.6.RELEASE.jar

Description: Spring Context Support

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\spring-context-support\4.1.6.RELEASE\spring-context-support-4.1.6.RELEASE.jar
MD5: bf92fc0d8b7481393afeeddb47908370
SHA1: 9beaafd3f01cd377e36a2b1a9aed7c2c87111165
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:context_project:context:4.1.6   Confidence:LOW   
  • cpe: cpe:/a:pivotal:spring_framework:4.1.6   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:4.1.6   Confidence:HIGHEST   
  • cpe: cpe:/a:springsource:spring_framework:4.1.6   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.1.6   Confidence:LOW   
  • maven: org.springframework:spring-context-support:4.1.6.RELEASE   Confidence:HIGH

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Vulnerable Software & Versions:

CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Vulnerable Software & Versions:

CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Software & Versions:

CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Vulnerable Software & Versions:

CVE-2015-5211  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Vulnerable Software & Versions:

CVE-2015-3192  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Vulnerable Software & Versions:

spring-core-4.1.6.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\spring-core\4.1.6.RELEASE\spring-core-4.1.6.RELEASE.jar
MD5: f9f20b46de6a0555ca748ad3a436c08c
SHA1: e2f486124d5dea2d91a9c2ea7d4456bc343ca2cc
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.1.6   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:4.1.6   Confidence:HIGHEST   
  • cpe: cpe:/a:springsource:spring_framework:4.1.6   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.1.6   Confidence:LOW   
  • maven: org.springframework:spring-core:4.1.6.RELEASE   Confidence:HIGH

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack in which an extra multipart is inserted into the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example if the part content represents a username or user roles.

Vulnerable Software & Versions:

CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath or the ServletContext), a malicious user can send a request with a specially crafted URL that leads to a directory traversal attack.

Vulnerable Software & Versions:

CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Software & Versions:

CVE-2016-5007  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Security 3.2.x, 4.0.x and 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x and 4.2.x both rely on URL pattern mappings, for authorization and for mapping requests to controllers respectively. Differences in the strictness of the two pattern-matching mechanisms, for example with regard to trimming of whitespace in path segments, can lead Spring Security to treat as unprotected certain paths that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework offers richer pattern-matching features, and that pattern matching in both Spring Security and the Spring Framework can easily be customized, creating additional differences.

Vulnerable Software & Versions:

CVE-2015-5211  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions are vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that causes the response to be downloaded rather than rendered, while the response also includes some input reflected from the request.

Vulnerable Software & Versions:
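The RFD entry above (CVE-2015-5211) describes the attack but not the defence. The following is an added illustration, not Spring's own code: it shows the shape of the mitigation for a reflected JSON body, pinning a harmless download filename whenever the request path ends in an extension the API never registered, sending X-Content-Type-Options: nosniff, and refusing JSONP callback names that could carry shell syntax into the reflected body. SAFE_EXTENSIONS, the callback regex and the sample paths are constructed for this example.

```python
import re
from typing import Dict

# Added, illustrative code (not Spring's own): the mitigation shape for a
# Reflected File Download. If the request path ends in an extension this API
# never registered, pin the download filename so an attacker-chosen name such
# as "setup.bat" is not what the browser offers to save, and refuse JSONP
# callback names that could smuggle shell syntax into the reflected body.

# Constructed allowlist for this example: extensions the API really serves.
SAFE_EXTENSIONS = {"json", "xml", "txt", "csv"}

# Identifier-like callback names only: no spaces, quotes, pipes or '&'.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$.]*$")


def path_extension(path: str) -> str:
    """Lower-cased extension of the final path segment ('' if there is none)."""
    last = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1].lower() if "." in last else ""


def rfd_safe_headers(path: str, content_type: str = "application/json") -> Dict[str, str]:
    """Response headers for a body that reflects request input, served at `path`."""
    headers = {
        "Content-Type": content_type,
        # stop the browser from sniffing the body into something executable
        "X-Content-Type-Options": "nosniff",
    }
    ext = path_extension(path)
    if ext and ext not in SAFE_EXTENSIONS:
        # e.g. /api/search.bat: a fixed, harmless filename replaces "search.bat"
        headers["Content-Disposition"] = 'inline; filename="f.txt"'
    return headers


def validate_jsonp_callback(callback: str) -> str:
    """Raise unless the callback is a plain identifier (no shell metacharacters)."""
    if not CALLBACK_RE.fullmatch(callback):
        raise ValueError(f"rejected JSONP callback: {callback!r}")
    return callback
```

The extension check looks only at the last path segment after any query string, which is what the browser uses when it names the download; the header value is deliberately constant so nothing attacker-controlled reaches the filename.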

CVE-2015-3192  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Vulnerable Software & Versions:

spring-expression-4.3.2.RELEASE.jar

Description: Spring Expression Language (SpEL)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\spring-expression\4.3.2.RELEASE\spring-expression-4.3.2.RELEASE.jar
MD5: 0f6d8c98b636cd8979b3363b6b49497a
SHA1: 7676acd4dde9d186b7f882edce3131dc62dcb590
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.3.2   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:4.3.2   Confidence:HIGHEST   
  • cpe: cpe:/a:springsource:spring_framework:4.3.2   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.3.2   Confidence:LOW   
  • maven: org.springframework:spring-expression:4.3.2.RELEASE   Confidence:HIGH

CVE-2018-15756  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.

Vulnerable Software & Versions:
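The range-request entry above (CVE-2018-15756) names the two abusive shapes, a high number of ranges and wide overlapping ranges. The parser below is an added example, not Spring's ResourceHttpRequestHandler: it reads a Range: bytes=... header, caps the number of ranges at a constructed limit (MAX_RANGES), clips each range to the resource size and refuses overlaps, so a single header cannot make the server assemble a response many times larger than the resource.

```python
import re
from typing import List, Optional, Tuple

# Added, illustrative parser (not Spring's ResourceHttpRequestHandler): a
# defensive reading of "Range: bytes=..." that caps the number of ranges and
# refuses overlaps, so one header cannot make the server emit a response
# many times larger than the resource.

MAX_RANGES = 10  # constructed cap for this example

RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


class RangeNotSatisfiable(ValueError):
    """Map to HTTP 416 (or ignore the header and send 200) in a real handler."""


def parse_byte_ranges(header: Optional[str], size: int,
                      max_ranges: int = MAX_RANGES) -> List[Tuple[int, int]]:
    """Sorted, non-overlapping inclusive (start, end) pairs; [] means serve the whole resource."""
    if header is None or not header.startswith("bytes="):
        return []  # absent or unknown unit: RFC 7233 says ignore it
    specs = [s.strip() for s in header[len("bytes="):].split(",") if s.strip()]
    if not specs:
        raise RangeNotSatisfiable("no range specifiers")
    if len(specs) > max_ranges:
        raise RangeNotSatisfiable(f"{len(specs)} ranges exceeds cap of {max_ranges}")
    ranges: List[Tuple[int, int]] = []
    for spec in specs:
        m = RANGE_SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            raise RangeNotSatisfiable(f"malformed range {spec!r}")
        first, last = m.group(1), m.group(2)
        if not first:
            # suffix form "-N": the final N bytes of the resource
            n = int(last)
            if n == 0:
                raise RangeNotSatisfiable("empty suffix range")
            start, end = max(size - n, 0), size - 1
        else:
            start = int(first)
            end = size - 1 if not last else min(int(last), size - 1)
        if start >= size or start > end:
            raise RangeNotSatisfiable(f"range {spec!r} outside resource of {size} bytes")
        ranges.append((start, end))
    ranges.sort()
    for (_, prev_end), (next_start, _) in zip(ranges, ranges[1:]):
        if next_start <= prev_end:
            raise RangeNotSatisfiable("overlapping ranges")
    return ranges


def bytes_served(ranges: List[Tuple[int, int]], size: int) -> int:
    """Total payload a handler would emit: the whole resource or the sum of the ranges."""
    return size if not ranges else sum(end - start + 1 for start, end in ranges)


def is_rejected(header: str, size: int) -> bool:
    """True when the header would be refused (convenience for demos and tests)."""
    try:
        parse_byte_ranges(header, size)
    except RangeNotSatisfiable:
        return True
    return False
```

With overlaps refused and a cap on the count, bytes_served can never exceed the resource size, which is the invariant the denial of service breaks.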

CVE-2018-1275  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Vulnerable Software & Versions:

CVE-2018-1272  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack in which an extra multipart is inserted into the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example if the part content represents a username or user roles.

Vulnerable Software & Versions:
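The multipart entry above (CVE-2018-1272, listed for both spring-core-4.1.6 and spring-expression-4.3.2) describes the outcome, server B reading a forged part, without showing the mechanism. The code below is an added example, not Spring's FormHttpMessageConverter: a minimal multipart/form-data encoder and decoder in which a client-supplied value carrying "\r\n--<boundary>\r\n..." injects a second "role" part when the boundary is predictable, and a strict encoder that uses a fresh random boundary and refuses values containing it. The field names, the boundary string and the injected value are constructed for this scenario.

```python
import re
import secrets
from typing import Dict, List, Tuple

# Added, illustrative code (not Spring's FormHttpMessageConverter): a minimal
# multipart/form-data encoder and decoder that show how a client-supplied
# value carrying "\r\n--<boundary>" forges an extra part in the request that
# server A builds for server B, and how a strict encoder with an unguessable
# boundary closes the hole.

_NAME_RE = re.compile(rb'name="([^"]*)"')


def encode_multipart(fields: List[Tuple[str, str]], boundary: str, strict: bool = False) -> bytes:
    """Serialise (name, value) pairs. With strict=True, refuse values that could forge a part."""
    out = []
    for name, value in fields:
        if strict:
            if any(c in name for c in '\r\n"'):
                raise ValueError(f"header injection in field name {name!r}")
            if f"--{boundary}" in value:
                raise ValueError(f"field {name!r} contains the multipart boundary")
        out.append(f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n')
    out.append(f"--{boundary}--\r\n")
    return "".join(out).encode()


def safe_encode_multipart(fields: List[Tuple[str, str]]) -> Tuple[bytes, str]:
    """Strict encoding under a fresh random boundary the remote client cannot predict."""
    boundary = secrets.token_hex(16)
    return encode_multipart(fields, boundary, strict=True), boundary


def decode_multipart(body: bytes, boundary: str) -> Dict[str, str]:
    """How server B reads the parts; a duplicated name keeps the last value here (parser-specific)."""
    parts: Dict[str, str] = {}
    for chunk in body.split(f"--{boundary}".encode())[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter
        headers, _, value = chunk[2:].partition(b"\r\n\r\n")  # drop the CRLF after the delimiter
        m = _NAME_RE.search(headers)
        if m:
            parts[m.group(1).decode()] = value[:-2].decode()  # strip the CRLF before the next delimiter
    return parts


# Constructed scenario: server A forwards a role and a user-supplied display
# name to server B. The attacker controls only the display name.
ATTACK_BOUNDARY = "boundary123"  # a predictable boundary the attacker can guess or observe
INJECTED_NAME = 'alice\r\n--boundary123\r\nContent-Disposition: form-data; name="role"\r\n\r\nadmin'


def forwarded_role(boundary: str = ATTACK_BOUNDARY) -> str:
    """Role server B sees when server A encodes naively under a known boundary."""
    body = encode_multipart([("role", "user"), ("name", INJECTED_NAME)], boundary)
    return decode_multipart(body, boundary)["role"]


def forwarded_role_safe() -> str:
    """Role server B sees when server A uses safe_encode_multipart."""
    body, boundary = safe_encode_multipart([("role", "user"), ("name", INJECTED_NAME)])
    return decode_multipart(body, boundary)["role"]
```

Under the random boundary the attacker's text is carried intact as the value of "name", because nothing in it matches the delimiter server B splits on; which duplicate wins when a forged part does land is parser-specific, which is why the fix belongs on the encoding side rather than in server B's tolerance.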

CVE-2018-1271  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath or the ServletContext), a malicious user can send a request with a specially crafted URL that leads to a directory traversal attack.

Vulnerable Software & Versions:
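The static-resource entry above (CVE-2018-1271) singles out file-system locations on Windows. The function below is an added example, not Spring's resource handler: it maps a request path onto a static directory and refuses anything that escapes it, percent-decoding exactly once and treating backslashes as separators before the containment check, because a Windows file system honours "..\" even when the URL check only looked for "../". The base directory and request paths are constructed; the expected results assume a POSIX host such as the one a CI job runs on.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Added, illustrative code (not Spring's ResourceHttpRequestHandler): map a
# request path onto a file-system static-resource location and refuse anything
# that escapes it. Percent-decoding happens exactly once (the container has
# not done it for us in this model), and backslashes become separators before
# the containment check so "..\" cannot pass a check that only knows "../".


def resolve_static(base_dir: str, request_path: str) -> Optional[str]:
    """Absolute file path for request_path under base_dir, or None if it escapes."""
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None  # NUL truncation tricks against the native file API
    decoded = decoded.replace("\\", "/")
    base = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base, decoded.lstrip("/")))
    try:
        # commonpath compares whole segments, so /srv/static2 is not "inside" /srv/static
        if os.path.commonpath([base, candidate]) != base:
            return None  # climbed out of the static location
    except ValueError:
        return None  # different drive letters on Windows
    return candidate
```

Note that "/css/%2e%2e/app.css" is accepted: it resolves to a file that is still inside the location, which is the correct outcome of a containment check, as opposed to a pattern filter that merely looks for the substring "..".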

CVE-2018-1270  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Software & Versions:

CVE-2018-1257  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.

Vulnerable Software & Versions:

CVE-2018-1199  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.

Vulnerable Software & Versions:
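CVE-2016-5007 (whitespace trimming in path segments) and CVE-2018-1199 (path parameters such as ";jsessionid=...") above are the same class of bug: the authorization layer and the routing layer normalize the request path differently. The model below is an added illustration written for this report, not Spring Security's or Spring MVC's code: an Ant-style matcher evaluates the raw path against security rules while a lenient router trims segments and drops ";param" suffixes, so "/admin /users" and "/admin;jsessionid=abc/users" are public to the first and "/admin/users" to the second. The fix shown canonicalizes once and feeds both layers the same string. RULES, CONTROLLERS and the request paths are constructed.

```python
import re
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import unquote

# Added, illustrative model (not Spring Security's or Spring MVC's code) of
# the mismatch behind CVE-2016-5007 and CVE-2018-1199: the authorization
# layer matches the raw request path against Ant-style rules, while the
# routing layer trims whitespace and drops ";param" path parameters before
# matching, so one request can be "public" to the first and "/admin/users"
# to the second. canonicalize() gives both layers one normal form.

# Constructed rules, most specific first; None means permit all.
RULES: List[Tuple[str, Optional[str]]] = [("/admin/**", "ADMIN"), ("/**", None)]
# Constructed controller table, keyed by the path the router resolves.
CONTROLLERS: Dict[str, str] = {"/admin/users": "AdminUsersController", "/home": "HomeController"}


def ant_to_regex(pattern: str) -> "re.Pattern[str]":
    """Ant-style pattern: '**' spans segments, '*' and '?' stay inside one segment."""
    def token(m: "re.Match[str]") -> str:
        t = m.group(0)
        return {"/**": "(?:/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}.get(t) or re.escape(t)
    return re.compile("^" + re.sub(r"/\*\*(?=/|$)|\*\*|\*|\?|/|[^*?/]+", token, pattern) + "$")


def required_role(path: str) -> Optional[str]:
    """What the security layer demands for exactly this string (None = public)."""
    for pattern, role in RULES:
        if ant_to_regex(pattern).match(path):
            return role
    return "DENY"  # no rule matched: unreachable with the catch-all above, kept as a safe default


def mvc_resolve(path: str) -> Optional[str]:
    """The lenient routing view: trim each segment and drop path parameters."""
    segments = [seg.split(";", 1)[0].strip() for seg in path.split("/")]
    return CONTROLLERS.get("/".join(segments))


def canonicalize(path: str) -> str:
    """One normal form for both layers: decode once, drop ';params', trim, collapse '.' and '..'."""
    out: List[str] = []
    for seg in unquote(path).split("/"):
        seg = seg.split(";", 1)[0].strip()
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def handle(raw_path: str, roles: Set[str], fixed: bool = False) -> Tuple[Optional[str], bool]:
    """(controller, allowed). fixed=False reproduces the mismatch; fixed=True canonicalizes first."""
    path = canonicalize(raw_path) if fixed else raw_path
    role = required_role(path)
    allowed = role is None or role in roles
    return mvc_resolve(path), allowed
```

The alternative to canonicalizing is to reject such requests outright, which is what Spring Security's later StrictHttpFirewall does for path parameters and encoded separators; either way the point is that exactly one interpretation of the path reaches both the authorization decision and the controller lookup.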

CVE-2018-11040  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-254 Security Features

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in the Spring Framework or in Spring Boot; however, once MappingJackson2JsonView is configured in an application, JSONP support is automatically available through the "jsonp" and "callback" request parameters, enabling cross-domain requests.

Vulnerable Software & Versions:

CVE-2018-11039  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-20 Improper Input Validation

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, an attacker can use this filter to escalate it to an XST (Cross-Site Tracing) attack.

Vulnerable Software & Versions:

CVE-2016-9878  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Vulnerable Software & Versions:

spring-binding-2.4.4.RELEASE.jar

Description: Spring Binding

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\springframework\webflow\spring-binding\2.4.4.RELEASE\spring-binding-2.4.4.RELEASE.jar
MD5: 68c5496052a84e7a048f3a170c7f0182
SHA1: 100dd40b1966a853ea38bb7a6d2cbcd090cda260
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.springframework.webflow:spring-binding:2.4.4.RELEASE   Confidence:HIGH

sac-1.3.jar

Description: SAC is a standard interface for CSS parsers.

License:

The W3C Software License: http://www.w3.org/Consortium/Legal/copyright-software-19980720
File Path: D:\maven\repository\org\w3c\css\sac\1.3\sac-1.3.jar
MD5: eb04fa63fc70c722f2b8ec156166343b
SHA1: cdb2dcb4e22b83d6b32b93095f644c3462739e82
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.w3c.css:sac:1.3   Confidence:HIGH

webbit-0.4.14.jar

Description: A Java event based WebSocket and HTTP server

License:

BSD License: http://www.opensource.org/licenses/bsd-license
File Path: D:\maven\repository\org\webbitserver\webbit\0.4.14\webbit-0.4.14.jar
MD5: 2557525150b95159e58c88f5e06e1a0a
SHA1: 3bf3f17fe41fb34c4d98663957ec0795a6b6653e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:id:id-software:0.4.14   Confidence:LOW   
  • maven: org.webbitserver:webbit:0.4.14   Confidence:HIGH

snakeyaml-1.7.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: D:\maven\repository\org\yaml\snakeyaml\1.7\snakeyaml-1.7.jar
MD5: 101748e166efc4299818d21e8c88a65c
SHA1: 3d13803a755625808202f1f513a24417cb328c6b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: org.yaml:snakeyaml:1.7   Confidence:HIGH

oro-2.0.8.jar

File Path: D:\maven\repository\oro\oro\2.0.8\oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: oro:oro:2.0.8   Confidence:HIGH

kettle-core-7.1.0.0-12.jar

File Path: D:\maven\repository\pentaho-kettle\kettle-core\7.1.0.0-12\kettle-core-7.1.0.0-12.jar
MD5: befbe21a1fe7b5b9f0c75222776df05f
SHA1: cfe3ae6991fe2ae128f01fd710011317a03602ec
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:pentaho:data_integration:7.1.0.0.12   Confidence:LOW   
  • maven: pentaho-kettle:kettle-core:7.1.0.0-12   Confidence:HIGH

kettle-engine-7.1.0.0-12.jar

File Path: D:\maven\repository\pentaho-kettle\kettle-engine\7.1.0.0-12\kettle-engine-7.1.0.0-12.jar
MD5: 4988b0777d192760f3ea637ebc35e126
SHA1: 993d370216eef32cee173c207d058c292f498c9b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:pentaho:data_integration:7.1.0.0.12   Confidence:LOW   
  • maven: pentaho-kettle:kettle-engine:7.1.0.0-12   Confidence:HIGH

cpf-core-7.1.0.0-12.jar

File Path: D:\maven\repository\pentaho\cpf-core\7.1.0.0-12\cpf-core-7.1.0.0-12.jar
MD5: 4e316442c0351677118205bd6731f650
SHA1: ac812467a493c3dd7f763aec21be5d6a70349a25
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:cpf-core:7.1.0.0-12   Confidence:HIGH

cpf-pentaho-7.1.0.0-12.jar

File Path: D:\maven\repository\pentaho\cpf-pentaho\7.1.0.0-12\cpf-pentaho-7.1.0.0-12.jar
MD5: 9c8761d81054252af371d9e96d680241
SHA1: 08927cb700b13817539d9216416d6050ba22c46d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:cpf-pentaho:7.1.0.0-12   Confidence:HIGH

metastore-7.1.0.0-12.jar

Description: A flexible metadata, data and configuration information store

File Path: D:\maven\repository\pentaho\metastore\7.1.0.0-12\metastore-7.1.0.0-12.jar
MD5: 67a29c3ea572e82030944bdf03461436
SHA1: 830286cbb6c9db6a7a33f4cee1db3f7c22036287
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:metastore:7.1.0.0-12   Confidence:HIGH

mondrian-3.11.0.0-353.jar

File Path: D:\maven\repository\pentaho\mondrian\3.11.0.0-353\mondrian-3.11.0.0-353.jar
MD5: 12216830c8d9c5f00dac758259d90c07
SHA1: cff98794c5b9defca01e5c6585a2d48da9491a12
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:mondrian:3.11.0.0-353   Confidence:HIGH

pentaho-concurrent-1.0.0.jar

Description: Pentaho variant of concurrent-1.3.4.jar

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\pentaho\pentaho-concurrent\1.0.0\pentaho-concurrent-1.0.0.jar
MD5: e9bfb2d89666e0f9b8f2f519b584a103
SHA1: e9a403b9dce499edf8856269a2ca445c06c58198
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:id:id-software:1.0.0   Confidence:LOW   
  • maven: pentaho:pentaho-concurrent:1.0.0   Confidence:HIGH

pentaho-connections-7.1.0.0-12.jar

Description: The Pentaho Connections API defines a common set of interfaces for dealing with connections and result sets.

File Path: D:\maven\repository\pentaho\pentaho-connections\7.1.0.0-12\pentaho-connections-7.1.0.0-12.jar
MD5: 2cd59910c0a759aa53aa8384ead00422
SHA1: 7fba3a3c22a00b89d8e9d3f26b351d5843f65dae
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:connections_project:connections:7.1.0.0.12   Confidence:LOW   
  • maven: pentaho:pentaho-connections:7.1.0.0-12   Confidence:HIGH

pentaho-cwm-1.5.4.jar

File Path: D:\maven\repository\pentaho\pentaho-cwm\1.5.4\pentaho-cwm-1.5.4.jar
MD5: 6a30717982c9784a9594ba5b94ef7ddc
SHA1: 2ff291bf32d447e9e033d293a3db9dc54292f71b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:pentaho-cwm:1.5.4   Confidence:HIGH

pentaho-metadata-7.1.0.0-12.jar

Description: Pentaho Metadata Core

File Path: D:\maven\repository\pentaho\pentaho-metadata\7.1.0.0-12\pentaho-metadata-7.1.0.0-12.jar
MD5: db664b2cb6b2524099d0f2a8bfb4a9a1
SHA1: 000734c7e9e4fdfbdc72153ce18a6b98fb310ca9
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:pentaho-metadata:7.1.0.0-12   Confidence:HIGH

pentaho-platform-api-5.0.0.jar

File Path: D:\maven\repository\pentaho\pentaho-platform-api\5.0.0\pentaho-platform-api-5.0.0.jar
MD5: 3979e511c98661f320440e03786c9b10
SHA1: d17317bed1fa6ffe9f8d256d431be09c40676544
Referenced In Project/Scope: saiku biserver plugin:provided

Identifiers

  • maven: pentaho:pentaho-platform-api:5.0.0   Confidence:HIGH

pentaho-platform-core-5.0.0.jar

File Path: D:\maven\repository\pentaho\pentaho-platform-core\5.0.0\pentaho-platform-core-5.0.0.jar
MD5: f0f14ff03d6a0ac57a2d006997e800bf
SHA1: 204ecbee356ceb577986625f65cf1abac60287f2
Referenced In Project/Scope: saiku biserver plugin:provided

Identifiers

  • maven: pentaho:pentaho-platform-core:5.0.0   Confidence:HIGH

pentaho-platform-extensions-5.0.0.jar

File Path: D:\maven\repository\pentaho\pentaho-platform-extensions\5.0.0\pentaho-platform-extensions-5.0.0.jar
MD5: ed8e2f33574c4d7f9cc010ec5bfaac1c
SHA1: 9b895104b995e986685e94900f1cecbcdcca20ab
Referenced In Project/Scope: saiku biserver plugin:provided

Identifiers

  • maven: pentaho:pentaho-platform-extensions:5.0.0   Confidence:HIGH

pentaho-platform-repository-7.1.0.0-12.jar

File Path: D:\maven\repository\pentaho\pentaho-platform-repository\7.1.0.0-12\pentaho-platform-repository-7.1.0.0-12.jar
MD5: c1fcaee8ce8560476b721c178c134575
SHA1: 8cc080016101545af29cb7c872b6fa3d7ceb700d
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:pentaho-platform-repository:7.1.0.0-12   Confidence:HIGH

pentaho-registry-7.1.0.0-12.jar

File Path: D:\maven\repository\pentaho\pentaho-registry\7.1.0.0-12\pentaho-registry-7.1.0.0-12.jar
MD5: e4ca1d56994b75eefab866d6df37a15a
SHA1: 774584ebd0fa00c8651f089e54fcf8fb448b2efb
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:pentaho-registry:7.1.0.0-12   Confidence:HIGH

simple-jndi-1.0.0.jar

File Path: D:\maven\repository\pentaho\simple-jndi\1.0.0\simple-jndi-1.0.0.jar
MD5: c4801c690ee5ac953ddb84141e91e037
SHA1: 0975a7cf3eddbd8cbd2ad004d55b31f27e7dea53
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: pentaho:simple-jndi:1.0.0   Confidence:HIGH

secondstring-20060615.jar

Description: Auto generated POM

File Path: D:\maven\repository\secondstring\secondstring\20060615\secondstring-20060615.jar
MD5: f3295a8389944ae33156904781ed7742
SHA1: c4724ed5bfbd19a28675c96274b81c9d34a0cd01
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: secondstring:secondstring:20060615   Confidence:HIGH

stax-api-1.0.1.jar

Description: StAX API is the standard java XML processing API defined by JSR-173

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\stax\stax-api\1.0.1\stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:st_project:st:1.0.1   Confidence:LOW   
  • maven: stax:stax-api:1.0.1   Confidence:HIGH

CVE-2017-16224  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

st is a module for serving static files. An attacker can craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for http://some.server.com//nodesecurity.org/%2e%2e results in a 301 to //nodesecurity.org/%2e%2e, which most browsers treat as a proper redirect because // is resolved against the current scheme. Mitigating factor: for this to work, st must be serving from the root of a server (/) rather than the typical subdirectory (/static/), and the redirect URL must end with some form of URL-encoded .. ("%2e%2e", "%2e.", ".%2e").

Note: this CVE describes the Node.js "st" package. It is attached to stax-api-1.0.1.jar only through the LOW-confidence cpe:/a:st_project:st:1.0.1 identifier listed above, so treat it as a probable false positive for this Java dependency and confirm before suppressing it.

Vulnerable Software & Versions:
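The entry above describes a redirect that a static file server emits after cleaning an encoded ".." out of the request path. The code below is an added example, not st's code: naive_redirect_target reproduces the unsafe behaviour (redirect to whatever the decoded path looks like), is_local_path is the same-origin check a server should apply before placing a path in a Location header, and safe_redirect_target collapses leading slashes to one and normalizes before that check. The request paths are constructed from the description.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Added, illustrative code (not st's): the redirect-after-cleanup behaviour
# described above, first in the naive form that emits whatever the decoded
# request path looks like, then with a same-origin check that a static file
# server should apply before putting a path into a Location header.


def naive_redirect_target(request_path: str) -> Optional[str]:
    """Redirect to the decoded path whenever it contained an encoded '..' (no origin check)."""
    decoded = unquote(request_path)
    return decoded if ".." in decoded and decoded != request_path else None


def is_local_path(location: str) -> bool:
    """True only for an absolute path on this origin: no scheme, no host, no '//' or '\\' tricks."""
    parts = urlsplit(location)
    return (
        location.startswith("/")
        and not location.startswith("//")   # protocol-relative URL = other host
        and parts.scheme == ""
        and parts.netloc == ""
        and "\\" not in location            # browsers treat '/\host' like '//host'
        and "\r" not in location and "\n" not in location  # header injection
    )


def safe_redirect_target(request_path: str) -> Optional[str]:
    """Cleaned same-origin path, or None when the request should get a 404 instead of a redirect."""
    decoded = unquote(request_path)
    if "\\" in decoded or "\r" in decoded or "\n" in decoded:
        return None
    cleaned = posixpath.normpath("/" + decoded.lstrip("/"))  # one leading slash, '..' resolved
    return cleaned if is_local_path(cleaned) else None
```

Collapsing the leading slashes is what turns //nodesecurity.org/%2e%2e into a path on the current host; the trailing is_local_path check stays in place so the function remains safe if the normalization rules are changed later.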

velocity-1.5.jar

Description: Apache Velocity is a general purpose template engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\velocity\velocity\1.5\velocity-1.5.jar
MD5: 8d46d30a37e1cf2047cdfa73c552e8a9
SHA1: 09f306baf7523ffc0e81a6353d08a584d254133b
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: velocity:velocity:1.5   Confidence:HIGH

wsdl4j-1.6.2.jar

Description: Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: D:\maven\repository\wsdl4j\wsdl4j\1.6.2\wsdl4j-1.6.2.jar
MD5: 2608a8ea3f07b0c08de8a7d3d0d3fc09
SHA1: dec1669fb6801b7328e01ad72fc9e10b69ea06c1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: wsdl4j:wsdl4j:1.6.2   Confidence:HIGH

xalan-2.7.0.jar

File Path: D:\maven\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar
MD5: a018d032c21a873225e702b36b171a10
SHA1: a33c0097f1c70b20fa7ded220ea317eb3500515e
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

CVE-2014-0107  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

Vulnerable Software & Versions:

xercesImpl-2.8.1.jar

Description: Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

File Path: D:\maven\repository\xerces\xercesImpl\2.8.1\xercesImpl-2.8.1.jar
MD5: e86f321c8191b37bd720ff5679f57288
SHA1: 25101e37ec0c907db6f0612cbf106ee519c1aef1
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • cpe: cpe:/a:apache:xerces2_java:2.8.1   Confidence:LOW   
  • maven: xerces:xercesImpl:2.8.1   Confidence:HIGH

CVE-2012-0881  

Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

Vulnerable Software & Versions:

xml-apis-ext-1.3.04.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

File Path: D:\maven\repository\xml-apis\xml-apis-ext\1.3.04\xml-apis-ext-1.3.04.jar
MD5: bcb07d3b8d2397db7a3013b6465d347b
SHA1: 41a8b86b358e87f3f13cf46069721719105aff66
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: xml-apis:xml-apis-ext:1.3.04   Confidence:HIGH

xml-apis-1.3.04.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

File Path: D:\maven\repository\xml-apis\xml-apis\1.3.04\xml-apis-1.3.04.jar
MD5: 9ae9c29e4497fc35a3eade1e6dd0bbeb
SHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65ef
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: xml-apis:xml-apis:1.3.04   Confidence:HIGH

xml-resolver-1.2.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier.

File Path: D:\maven\repository\xml-resolver\xml-resolver\1.2\xml-resolver-1.2.jar
MD5: 706c533146c1f4ee46b66659ea14583a
SHA1: 3d0f97750b3a03e0971831566067754ba4bfd68c
Referenced In Project/Scope: saiku biserver plugin:runtime

Identifiers

  • maven: xml-resolver:xml-resolver:1.2   Confidence:HIGH

xmlpull-1.1.3.1.jar

License:

Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: D:\maven\repository\xmlpull\xmlpull\1.1.3.1\xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: xmlpull:xmlpull:1.1.3.1   Confidence:HIGH

xpp3_min-1.1.4c.jar

Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.

License:

Indiana University Extreme! Lab Software License, version 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: D:\maven\repository\xpp3\xpp3_min\1.1.4c\xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Project/Scope: saiku biserver plugin:compile

Identifiers

  • maven: xpp3:xpp3_min:1.1.4c   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-api/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-api/pom.xml
MD5: 909b59fe332febfb92157e47e6019a32
SHA1: e663b56d78c448d4c6f7c3cc5dcdd0c14329c2c9

Identifiers

  • maven: com.atlassian.extras:atlassian-extras-api:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-common/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-common/pom.xml
MD5: 2c7b0ba9e511473325120b3c7aab57b8
SHA1: 8795fa2e4cba11160230cf8ebf6ffd3bc4ac5926

Identifiers

  • maven: com.atlassian.extras:atlassian-extras-common:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-core/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-core/pom.xml
MD5: 12a3ec117714215973df9b698167005f
SHA1: 165c74e256df1afd64fcaf23039fc867a693ac9e

Identifiers

  • maven: com.atlassian.extras:atlassian-extras-core:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-decoder-api/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-decoder-api/pom.xml
MD5: 9ab0b566384b8944687c381180847cef
SHA1: 89808e91fac25af7b701862ef6c8b7f85716e89a

Identifiers

  • maven: com.atlassian.extras:atlassian-extras-decoder-api:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-decoder-v2/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-decoder-v2/pom.xml
MD5: d59a2d890e1744cd305062006853c5e7
SHA1: f5e4fcd405f6ebc99985c230f0445affc30e44e7

Identifiers

  • maven: com.atlassian.extras:atlassian-extras-decoder-v2:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-legacy/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras-legacy/pom.xml
MD5: b3be26a03cca9828d36a78ac82ab329f
SHA1: 6f71a5682cb310356e34ac04d4e921b0223effa8

Identifiers

  • maven: com.atlassian.extras:atlassian-extras-legacy:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras/pom.xml

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.atlassian.extras/atlassian-extras/pom.xml
MD5: 140497faeb4cb9926dd16b52ddc6697a
SHA1: 4c95207ae79b96f6aefd86df93fd26dfb2aece22

Identifiers

  • maven: com.atlassian.extras:atlassian-extras:2.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/commons-codec/commons-codec/pom.xml

Description: The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/commons-codec/commons-codec/pom.xml
MD5: 1c2024aae272aaf64f445522865808a5
SHA1: c74b24443fcf3d118722d9fca0a4f7b14145b4e7

Identifiers

  • maven: commons-codec:commons-codec:1.5   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/commons-lang/commons-lang/pom.xml

Description: Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/commons-lang/commons-lang/pom.xml
MD5: cca9ee287cb26a44a2f65450a24957cd
SHA1: 347d60b180fa80e5699d8e2cb72c99c93dda5454

Identifiers

  • maven: commons-lang:commons-lang:2.6   Confidence:HIGH

clover-3.3.0.jar\META-INF/maven/com.google.code.gson/gson/pom.xml

Description: Google Gson library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\com\cenqua\clover\clover\3.3.0\clover-3.3.0.jar\META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 1e15b52de0bd59569e19a7b0bd0bd4c3
SHA1: 13c8fd4be7b56adc09d0d7bf4d90565504404aa3

Identifiers

  • maven: com.google.code.gson:gson:1.3   Confidence:HIGH

hazelcast-3.6.2.jar\META-INF/maven/com.hazelcast/hazelcast/pom.xml

Description: Core Hazelcast Module

File Path: D:\maven\repository\com\hazelcast\hazelcast\3.6.2\hazelcast-3.6.2.jar\META-INF/maven/com.hazelcast/hazelcast/pom.xml
MD5: 4c39b5675e6563ef2e20e0668e0a7cd1
SHA1: 023f0921397d3d605b642f9871726629035fe85c

Identifiers

  • maven: com.hazelcast:hazelcast:3.6.2   Confidence:HIGH
  • cpe: cpe:/a:root:root:3.6.2   Confidence:LOW   

hazelcast-3.6.2.jar\META-INF/maven/com.eclipsesource.minimal-json/minimal-json/pom.xml

Description: A Minimal JSON Parser and Writer

License:

MIT License: http://opensource.org/licenses/MIT
File Path: D:\maven\repository\com\hazelcast\hazelcast\3.6.2\hazelcast-3.6.2.jar\META-INF/maven/com.eclipsesource.minimal-json/minimal-json/pom.xml
MD5: ae5eb6ecf5f051dd566d8f2c6af93440
SHA1: 639ffcaea95015a3f940cebd93608c5c1976cea1

Identifiers

  • maven: com.eclipsesource.minimal-json:minimal-json:0.9.2-SNAPSHOT   Confidence:HIGH

hazelcast-3.6.2.jar\META-INF/maven/com.hazelcast/hazelcast-client-protocol/pom.xml

Description: Core Hazelcast Module

File Path: D:\maven\repository\com\hazelcast\hazelcast\3.6.2\hazelcast-3.6.2.jar\META-INF/maven/com.hazelcast/hazelcast-client-protocol/pom.xml
MD5: ee1187da92ecffea32ed700cd941bd46
SHA1: 445b33f73f70aa2004e8c6b19139cf1aa9459029

Identifiers

  • maven: com.hazelcast:hazelcast-client-protocol:1.0.0   Confidence:HIGH

cucumber-jvm-deps-1.0.3.jar\META-INF/maven/info.cukes/cucumber-jvm-deps/pom.xml

License:

BSD License: http://xstream.codehaus.org/license.html
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: D:\maven\repository\info\cukes\cucumber-jvm-deps\1.0.3\cucumber-jvm-deps-1.0.3.jar\META-INF/maven/info.cukes/cucumber-jvm-deps/pom.xml
MD5: c06e5769dc4b5a30eb44ce3104c27ed5
SHA1: 5bbe8cd696baa27247ea0307d1c11f6608aa898b

Identifiers

  • maven: info.cukes:cucumber-jvm-deps:1.0.3   Confidence:HIGH

cucumber-jvm-deps-1.0.3.jar\META-INF/maven/com.thoughtworks.xstream/xstream/pom.xml

File Path: D:\maven\repository\info\cukes\cucumber-jvm-deps\1.0.3\cucumber-jvm-deps-1.0.3.jar\META-INF/maven/com.thoughtworks.xstream/xstream/pom.xml
MD5: 14020aa66919970ee853c7ad6f175070
SHA1: b8c57a02d6c67065a4e87fccf27cff6a76f045fe

Identifiers

  • maven: com.thoughtworks.xstream:xstream:1.4.2   Confidence:HIGH
  • cpe: cpe:/a:xstream_project:xstream:1.4.2   Confidence:LOW   

CVE-2017-7957  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

Vulnerable Software & Versions:

CVE-2016-3674  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Vulnerable Software & Versions:

cucumber-jvm-deps-1.0.3.jar\META-INF/maven/com.googlecode.java-diff-utils/diffutils/pom.xml

Description: The DiffUtils library for computing diffs, applying patches, generating side-by-side view in Java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\info\cukes\cucumber-jvm-deps\1.0.3\cucumber-jvm-deps-1.0.3.jar\META-INF/maven/com.googlecode.java-diff-utils/diffutils/pom.xml
MD5: 8fffd568a999cea11f3e828e2610a511
SHA1: 3db400baff3182027a58d7e1984974949f96c2a7

Identifiers

  • maven: com.googlecode.java-diff-utils:diffutils:1.2.1   Confidence:HIGH

antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-complete/pom.xml

Description: Complete distribution for ANTLR 3

File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-complete/pom.xml
MD5: 8ea79fe16a50c9eacc0be0616db261a8
SHA1: 28061dd7bc78afdf2b48cb11054c936e7f886abf

Identifiers

  • maven: org.antlr:antlr-complete:3.5.2   Confidence:HIGH

antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr/pom.xml

Description: The ANTLR 3 tool.

File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr/pom.xml
MD5: a5b639e28f29413c658a60b12f6e48fd
SHA1: d6830744a9a30a9c0afebfb84a5fdd6cc7e9d4ab

Identifiers

  • maven: org.antlr:antlr:3.5.2   Confidence:HIGH

antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/ST4/pom.xml

Description: StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.

License:

BSD licence: http://antlr.org/license.html
File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/ST4/pom.xml
MD5: 683219fec455dfde94a6473373265284
SHA1: 116663d33389525e932a4ff7adaf66eb06caf277

Identifiers

  • maven: org.antlr:ST4:4.0.8   Confidence:HIGH

antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-runtime/pom.xml

Description: A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/antlr-runtime/pom.xml
MD5: b9bf8a27cb01fac6a32d6aa68b59f5bf
SHA1: af8ae5172f0c499d932d465673c9833c8777c1dd

Identifiers

CVE-2019-9636  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.

Vulnerable Software & Versions:

CVE-2018-20406  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.

Vulnerable Software & Versions:

CVE-2018-14647  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.

Vulnerable Software & Versions:

CVE-2018-1061  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Vulnerable Software & Versions:

CVE-2018-1060  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Vulnerable Software & Versions:

CVE-2018-1000117  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

Vulnerable Software & Versions:

CVE-2017-18207  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-369 Divide By Zero

** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions."

Vulnerable Software & Versions:

CVE-2017-17522  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.

Vulnerable Software & Versions:

CVE-2014-3539  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features

base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.

Vulnerable Software & Versions:

CVE-2007-4559  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Vulnerable Software & Versions:

antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/gunit/pom.xml

Description: gUnit grammar testing tool for ANTLR 3

File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/gunit/pom.xml
MD5: 51086b27f900a7dedbcd411b0ce9e8a8
SHA1: 6cd767fa480e067b371539de92cf126a773486b2

Identifiers

  • maven: org.antlr:gunit:3.5.2   Confidence:HIGH

antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/stringtemplate/pom.xml

Description: StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.

License:

BSD licence: http://antlr.org/license.html
File Path: D:\maven\repository\org\antlr\antlr-complete\3.5.2\antlr-complete-3.5.2.jar\META-INF/maven/org.antlr/stringtemplate/pom.xml
MD5: 391508305e5e8b20338387f19735ab86
SHA1: 88562344bdb06d01a8f410aa624538e345086595

Identifiers

  • maven: org.antlr:stringtemplate:3.2.1   Confidence:HIGH

webservices-api-2.1.jar\META-INF/maven/org.glassfish.metro/webservices-api/pom.xml

Description:  This module contains the compilation of all public Metro APIs.

File Path: D:\maven\repository\org\glassfish\metro\webservices-api\2.1\webservices-api-2.1.jar\META-INF/maven/org.glassfish.metro/webservices-api/pom.xml
MD5: 0f6a6948b4206e78ea4435b28b557baa
SHA1: fc636d3b9a1264bd6f6d5061230ca595bf351bc2

Identifiers

  • maven: org.glassfish.metro:webservices-api:2.1   Confidence:HIGH

webservices-api-2.1.jar\META-INF/maven/javax.xml.soap/saaj-api/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-api\2.1\webservices-api-2.1.jar\META-INF/maven/javax.xml.soap/saaj-api/pom.xml
MD5: 80f55c1b9ee67ee546b3de81e35a75d6
SHA1: ced85ef7cc403a0da309b3761a2ff168f361d5a6

Identifiers

  • maven: javax.xml.soap:saaj-api:1.3.2   Confidence:HIGH

webservices-api-2.1.jar\META-INF/maven/org.glassfish/javax.annotation/pom.xml

Description: Common Annotations for the JavaTM Platform API version ${spec.version} Repackaged as OSGi bundle in GlassFish

File Path: D:\maven\repository\org\glassfish\metro\webservices-api\2.1\webservices-api-2.1.jar\META-INF/maven/org.glassfish/javax.annotation/pom.xml
MD5: b7778b465e6d0513e8454058e94a214a
SHA1: e498c8940676f6e24124cab7ad20d1aec9011039

Identifiers

  • maven: org.glassfish:javax.annotation:3.1-b35   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/webservices-rt/pom.xml

Description:  This module contains the Metro runtime code.

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/webservices-rt/pom.xml
MD5: 48b709f875f6aaa572fbd7b4ec357361
SHA1: 9b8123484564085473fabf505191ddf597e1cafd

Identifiers

  • maven: org.glassfish.metro:webservices-rt:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/wsit-api/pom.xml

Description:  This module contains the Metro WSIT API

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/wsit-api/pom.xml
MD5: 64625ea4e3e7e0bc7a705c2f442e2441
SHA1: 19b59e7aff902507bf70d20914ccd1221ffec6ab

Identifiers

  • maven: org.glassfish.metro:wsit-api:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-commons/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-commons/pom.xml
MD5: e561d94d5786a0cb81e834d29ab9347b
SHA1: 434fb5653b21b2fcba3bccf41718d388067199f0

Identifiers

  • maven: org.glassfish.metro:metro-commons:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-config-api/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-config-api/pom.xml
MD5: 52c4ee70b52cdff4809b6eab9f185f10
SHA1: 96f026ef4b768e8f96aaf841631eaddb8e1e276a

Identifiers

  • maven: org.glassfish.metro:metro-config-api:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-runtime-api/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-runtime-api/pom.xml
MD5: 545dad68dbf013587a8b5010e403b825
SHA1: 66db34ee1a2c1d83a00c31db5aadc988fbdf2bdb

Identifiers

  • maven: org.glassfish.metro:metro-runtime-api:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/soaptcp-api/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/soaptcp-api/pom.xml
MD5: 7ccc81e593993d53a545d07092a3bc34
SHA1: a875fb0b44fd3486e7dc98aaee21b74f1e6225bc

Identifiers

  • maven: org.glassfish.metro:soaptcp-api:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-cm-api/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-cm-api/pom.xml
MD5: 2db94a0b0b1ef3ce59cce59ac653b16e
SHA1: 7ad9e8d2a66f9e9b4dd85d466501a54cb30567a5

Identifiers

  • cpe: cpe:/a:cm_project:cm:2.1   Confidence:LOW   
  • maven: org.glassfish.metro:metro-cm-api:2.1   Confidence:HIGH

CVE-2018-13714  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-190 Integer Overflow or Wraparound

The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Vulnerable Software & Versions:

webservices-rt-2.1.jar\META-INF/maven/com.sun.xml.messaging.saaj/saaj-impl/pom.xml

Description:  Open source Reference Implementation of JSR-76: SOAP with Attachments API for Java (SAAJ MR :1.3)

License:

Dual license consisting of the CDDL v1.1 and GPL v2: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/com.sun.xml.messaging.saaj/saaj-impl/pom.xml
MD5: 6b72cd7630a9b3e1ea8459f61d884201
SHA1: d12c0c6a6433efa3b05c8f1a51926b11399450ba

Identifiers

  • maven: com.sun.xml.messaging.saaj:saaj-impl:1.3.8   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.jvnet/mimepull/pom.xml

Description:  Provides a streaming API to access attachments parts in a MIME message.

License:

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.opensource.org/licenses/cddl1.php
GPLv2 with classpath exception: http://www.gnu.org/software/classpath/license.html
File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.jvnet/mimepull/pom.xml
MD5: a0cc80c46a8b698c9a0bbe6485ad85c9
SHA1: 89f64a844b2c75eac8801a91963ef226d4f0a263

Identifiers

  • maven: org.jvnet:mimepull:1.4   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.jvnet.staxex/stax-ex/pom.xml

Description: Extensions to JSR-173 StAX API.

License:

Common Development And Distribution License (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.jvnet.staxex/stax-ex/pom.xml
MD5: fd6b86ceb02aa626e9ed11fc734dc3e8
SHA1: 75ff97c61ce782bde2176f8d0c6719508c8f8182

Identifiers

  • cpe: cpe:/a:st_project:st:1.2.1   Confidence:LOW   
  • maven: org.jvnet.staxex:stax-ex:1.2   Confidence:HIGH

CVE-2017-16224  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e").

Vulnerable Software & Versions:

webservices-rt-2.1.jar\META-INF/maven/com.sun.xml.ws/policy/pom.xml

License:

Dual License: CDDL 1.0 and GPL V2 with Classpath Exception: https://glassfish.dev.java.net/public/CDDL+GPL.html
File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/com.sun.xml.ws/policy/pom.xml
MD5: 7e509e27ccbf5dfcdf611834f3e788fa
SHA1: 98c3798bf8b454b2f1b055a844877ec322b4b2c0

Identifiers

  • maven: com.sun.xml.ws:policy:2.2.2   Confidence:HIGH
  • cpe: cpe:/a:ws_project:ws:2.2.2   Confidence:LOW   

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.ha/ha-api/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.ha/ha-api/pom.xml
MD5: 6808e2354cd90c98c90552b750147d9a
SHA1: 0afda50d3020ef8e6a1255eca97878c35c5fdd74

Identifiers

  • cpe: cpe:/a:fish:fish:3.1.8   Confidence:LOW   
  • maven: org.glassfish.ha:ha-api:3.1.8   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/wsit-impl/pom.xml

Description:  This module contains the Metro WSIT runtime code.

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/wsit-impl/pom.xml
MD5: 8a3909f4747da1960bde5684ad152c6d
SHA1: 1576a74fad6f856b3cfc5028914ff8bf6210d200

Identifiers

  • maven: org.glassfish.metro:wsit-impl:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-config-impl/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-config-impl/pom.xml
MD5: 8b50b99f872d3125909e01b8a8a36592
SHA1: 7e9dbb213fc9d2ec1a094c8676b8d339335e061c

Identifiers

  • maven: org.glassfish.metro:metro-config-impl:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-runtime-impl/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/metro-runtime-impl/pom.xml
MD5: c9a6ef830eb34549bc71267c5b289dea
SHA1: 91663542d9ba7c44a4f142f39352df0020d09d9a

Identifiers

  • maven: org.glassfish.metro:metro-runtime-impl:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/soaptcp-impl/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/soaptcp-impl/pom.xml
MD5: 145cf33c4ee73031c3277c2dfad6223c
SHA1: 55fd18f660d98d6e838f94e54e2ceef161cb3d3e

Identifiers

  • maven: org.glassfish.metro:soaptcp-impl:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/xmlfilter/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/xmlfilter/pom.xml
MD5: 34682a68f3bbc0fa7f8786a2f3a529a2
SHA1: b2cdf1be489bec62cac83092c8540e9ee5eac1fc

Identifiers

  • maven: org.glassfish.metro:xmlfilter:2.1   Confidence:HIGH

webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/ws-mex/pom.xml

File Path: D:\maven\repository\org\glassfish\metro\webservices-rt\2.1\webservices-rt-2.1.jar\META-INF/maven/org.glassfish.metro/ws-mex/pom.xml
MD5: 737cd94df587558188d16dfe1ba96398
SHA1: 3a49f1b5f6f1c95d48a8816787a50d735ad48bee

Identifiers

  • cpe: cpe:/a:ws_project:ws:2.1   Confidence:LOW   
  • maven: org.glassfish.metro:ws-mex:2.1   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jffi/pom.xml

Description: Java Foreign Function Interface

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jffi/pom.xml
MD5: 3be244a36825b3f26b27becc9c016542
SHA1: a978127f45014ed55bab756fcf3bebd4971392c2

Identifiers

  • maven: com.github.jnr:jffi:1.2.7   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-constants/pom.xml

Description: A set of platform constants (e.g. errno values)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-constants/pom.xml
MD5: edfdd536fda5211b975e918c9d0686db
SHA1: f34dd261e40d57f7d9024897f5ed9c9b3233ceb1

Identifiers

  • maven: com.github.jnr:jnr-constants:0.8.4   Confidence:HIGH
  • cpe: cpe:/a:values_project:values:0.8.4   Confidence:LOW   

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-enxio/pom.xml

Description: Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-enxio/pom.xml
MD5: fc1866ef09935202122821e520cb2cd7
SHA1: 6747709c72e14e02013419d3b6927a1bf6f3c451

Identifiers

  • maven: com.github.jnr:jnr-enxio:0.4   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-ffi/pom.xml

Description: A library for invoking native functions from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-ffi/pom.xml
MD5: a2d35aaebc27c4b8f19181002d2c9355
SHA1: c769dd4db632c3c4c1c1045b90c17ab60da589b3

Identifiers

  • maven: com.github.jnr:jnr-ffi:1.0.4   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-netdb/pom.xml

Description: Lookup TCP and UDP services from java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-netdb/pom.xml
MD5: 336b784a217f9ac97e18805cac4900b4
SHA1: 6135f04db1bf650018da4dd3a69388823a6cfb4f

Identifiers

  • maven: com.github.jnr:jnr-netdb:1.1.2   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-posix/pom.xml

Description:  Common cross-project/cross-platform POSIX APIs

License:

Common Public License - v 1.0: http://www-128.ibm.com/developerworks/library/os-cpl.html
GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html
GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.html
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-posix/pom.xml
MD5: 61b3ab79dedecc507567a4c9ab7a99f4
SHA1: ba9ab5ecf7b001cd7d6d1ff6a89a770e451d3d7f

Identifiers

  • maven: com.github.jnr:jnr-posix:2.5.3-SNAPSHOT   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-unixsocket/pom.xml

Description: Native I/O access for java

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-unixsocket/pom.xml
MD5: ee1013487de547c06b7173f966aa793e
SHA1: 047497b2d368d6bb261403a10a7fdb518f3fb573

Identifiers

  • maven: com.github.jnr:jnr-unixsocket:0.3   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-x86asm/pom.xml

Description: A pure-java X86 and X86_64 assembler

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.github.jnr/jnr-x86asm/pom.xml
MD5: cb16b0b890c8b7a726a547ca0b58d00a
SHA1: 91de5c25955d1f321832738dce614b45e9939050

Identifiers

  • maven: com.github.jnr:jnr-x86asm:1.0.2   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.headius/invokebinder/pom.xml

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.headius/invokebinder/pom.xml
MD5: 6634ef344051de7c4bb12daf5edcdcb6
SHA1: 5416351ffc4cdef0ad64808dd7bbce3df48ea456

Identifiers

  • maven: com.headius:invokebinder:1.2   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/com.jcraft/jzlib/pom.xml

Description: JZlib is a re-implementation of zlib in pure Java

License:

Revised BSD: http://www.jcraft.com/jzlib/LICENSE.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/com.jcraft/jzlib/pom.xml
MD5: 9865cb6865ea83bbbd00d178a7fff2f8
SHA1: a567561c8f92fffeca9169f6075146bc5f8be104

Identifiers

  • maven: com.jcraft:jzlib:1.1.2   Confidence:HIGH
  • cpe: cpe:/a:jcraft:jzlib:1.1.2   Confidence:LOW   

jruby-complete-1.7.4.jar\META-INF/maven/jline/jline/pom.xml

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/jline/jline/pom.xml
MD5: 500f738103453677b784b1203c3ef8ca
SHA1: ced94611178acee4cd88ce3c5d2575ac6e576553

Identifiers

  • maven: jline:jline:2.7   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/joda-time/joda-time/pom.xml

Description: Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/joda-time/joda-time/pom.xml
MD5: b23f39942222e8aaeaeb3fae2596b307
SHA1: 2e415bc8611ca1755fa5ca464c316c15b6aea0a6

Identifiers

  • cpe: cpe:/a:date_project:date:2.2   Confidence:LOW   
  • maven: joda-time:joda-time:2.2   Confidence:HIGH

CVE-2014-5169  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

Vulnerable Software & Versions:

jruby-complete-1.7.4.jar\META-INF/maven/org.jruby.joni/joni/pom.xml

Description:  Java port of Oniguruma: http://www.geocities.jp/kosako3/oniguruma that uses byte arrays directly instead of java Strings and chars

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/org.jruby.joni/joni/pom.xml
MD5: 83959f77fd123687f3746040339ba8b3
SHA1: 74b9b8bcc86372a3021686d23162e8fedff6f4cb

Identifiers

  • cpe: cpe:/a:oniguruma_project:oniguruma:2.0.0   Confidence:LOW   
  • maven: org.jruby.joni:joni:2.0.0   Confidence:HIGH

jruby-complete-1.7.4.jar\META-INF/maven/org.yaml/snakeyaml/pom.xml

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: D:\maven\repository\org\jruby\jruby-complete\1.7.4\jruby-complete-1.7.4.jar\META-INF/maven/org.yaml/snakeyaml/pom.xml
MD5: 677250369972de96c0182352b40bc4a1
SHA1: 74e3a20616d3a5575165df045d13184c86025fa4

Identifiers

  • maven: org.yaml:snakeyaml:1.11   Confidence:HIGH

jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml

File Path: D:\maven\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml
MD5: 8f1fca3b19f808084a0ec368324b3ed0
SHA1: 67dcf9233a473d872a3a48c3800781c0603df1d2

Identifiers

  • cpe: cpe:/a:eclipse:jetty:7.6.1.v20120215   Confidence:LOW
  • cpe: cpe:/a:jetty:jetty:7.6.1.v20120215   Confidence:LOW
  • maven: org.eclipse.jetty:jetty-http:7.6.1.v20120215   Confidence:HIGH

CVE-2017-9735

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

CVE-2017-7658

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.

Vulnerable Software & Versions:

CVE-2017-7657

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.

Vulnerable Software & Versions:

CVE-2017-7656

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control

In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.

Vulnerable Software & Versions:

jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml

File Path: D:\maven\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
MD5: 001a7f511ffb16873ea05be06bfcb1d9
SHA1: f3d8b5aa622cc3b68975088e33074b1dc4dd892f

Identifiers

  • maven: org.eclipse.jetty:jetty-io:7.6.1.v20120215   Confidence:HIGH


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the Node Security Platform.